Description
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
Remediation
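The comparison flaw named in the description, shown beside a constant-time replacement. This is an added example, not OpenVPN's code and not part of the original advisory. The function names and tag bytes are constructed for illustration, and the `examined` counter stands in for the running time an observer could measure.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Early-exit comparison (memcmp-style): work done depends on where the
 * first mismatching byte is, so running time leaks that position. */
static int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *examined)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) { *examined = i + 1; return 0; }
    }
    *examined = n;
    return 1;
}

/* Constant-time comparison: reads all n bytes and accumulates differences
 * without any data-dependent branch inside the loop. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *examined)
{
    volatile uint8_t diff = 0;
    size_t i;
    for (i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    *examined = i;
    return diff == 0;
}

/* Constructed 20-byte tag; not taken from real traffic. */
static const uint8_t expected_tag[20] = {
    0x10, 0x21, 0x32, 0x43, 0x54, 0x65, 0x76, 0x87, 0x98, 0xa9,
    0xba, 0xcb, 0xdc, 0xed, 0xfe, 0x0f, 0x1e, 0x2d, 0x3c, 0x4b };

/* Bytes examined when the received tag first differs at index pos. */
static size_t work_for_mismatch_at(int constant_time, size_t pos)
{
    uint8_t received[sizeof expected_tag];
    size_t examined = 0;
    memcpy(received, expected_tag, sizeof received);
    received[pos] ^= 0xff;   /* corrupt exactly one byte */
    (constant_time ? ct_equal : leaky_equal)(expected_tag, received, sizeof received, &examined);
    return examined;
}

int main(void)
{
    for (size_t pos = 0; pos < sizeof expected_tag; pos += 19)
        printf("mismatch at %2zu: leaky=%zu constant-time=%zu\n", pos,
               work_for_mismatch_at(0, pos), work_for_mismatch_at(1, pos));
    return 0;
}
```

The early-exit version does more work the later the first wrong byte appears, while the constant-time version does the same work for every input.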
References