CVE-2020-7224

CVE-2020-7224

Name

CVE-2020-7224

Description

The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://docs.aviatrix.com/HowTos/security_bulletin_article.html
Vendor Advisory	https://docs.aviatrix.com/#security-bulletin
Vendor Advisory	https://docs.aviatrix.com/HowTos/security_bulletin_article.html#article-avxsb-00001

Type

URI

Vendor Advisory

https://docs.aviatrix.com/HowTos/security_bulletin_article.html

Vendor Advisory

https://docs.aviatrix.com/#security-bulletin

Vendor Advisory

https://docs.aviatrix.com/HowTos/security_bulletin_article.html#article-avxsb-00001

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:aviatrix:openvpn::::::::`	openvpn	>= None	<= 2.5.7

CPE URI

Source package

Min version

Max version

cpe:2.3:a:aviatrix:openvpn:*:*:*:*:*:*:*:*

openvpn

>= None

<= 2.5.7

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
openvpn	edge-main	2.5.7-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	edge-main	2.5.6-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	edge-main	2.5.6-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	edge-main	2.5.5-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	edge-main	2.5.4-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	edge-main	2.5.3-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	edge-main	2.5.3-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	edge-main	2.5.2-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	edge-main	2.4.9-r0	None	fixed
openvpn	edge-main	2.4.6-r0	None	fixed
openvpn	3.22-main	2.5.6-r0	None	fixed
openvpn	3.22-main	2.5.2-r0	None	fixed
openvpn	3.22-main	2.4.9-r0	None	fixed
openvpn	3.22-main	2.4.6-r0	None	fixed
openvpn	3.21-main	2.5.6-r0	None	fixed
openvpn	3.21-main	2.5.2-r0	None	fixed
openvpn	3.21-main	2.4.9-r0	None	fixed
openvpn	3.21-main	2.4.6-r0	None	fixed
openvpn	3.20-main	2.5.6-r0	None	fixed
openvpn	3.20-main	2.5.2-r0	None	fixed
openvpn	3.20-main	2.4.9-r0	None	fixed
openvpn	3.20-main	2.4.6-r0	None	fixed
openvpn	3.19-main	2.5.6-r0	None	fixed
openvpn	3.19-main	2.5.2-r0	None	fixed
openvpn	3.19-main	2.4.9-r0	None	fixed
openvpn	3.19-main	2.4.6-r0	None	fixed
openvpn	3.12-main	2.4.12-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	3.12-main	2.4.11-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	3.11-main	2.4.11-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	3.10-main	2.4.11-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

openvpn

edge-main

2.5.7-r0

Natanael Copa <ncopa@alpinelinux.org>

fixed

openvpn

edge-main