CVE-2013-2061

EPSS 1.5%

Published: 11/18/2013Modified: 4/28/2026

Also known as:DEBIAN-CVE-2013-2061

Description

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.

Affected packages (1)

Debian/openvpnfrom 0, < 2.3.1-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-2061