Description
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
Remediation
References
Related Vulnerabilities
SharePoint Resource Management Errors Vulnerability (CVE-2015-0086)
Magento Improper Authorization Vulnerability (CVE-2021-21022)
SharePoint CVE-2021-31172 Vulnerability (CVE-2021-31172)
WordPress Plugin Broken Link Manager SQL Injection (0.6.5)
Oracle Database Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-1363)