CVE-2022-0547

CVE-2022-0547

Name

CVE-2022-0547

Description

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://openvpn.net/community-downloads/
MISC	https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
MISC	https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/
mailing-list	https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html
vendor-advisory	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/
vendor-advisory	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/03/msg00005.html

Type

URI

MISC

https://openvpn.net/community-downloads/

MISC

https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements

MISC

https://community.openvpn.net/openvpn/wiki/CVE-2022-0547

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/

mailing-list

https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/03/msg00005.html

CPE URI	Source package	Min version	Max version
	openvpn	== version 2.1 until version 2.4.12 and 2.5.6.	== version 2.1 until version 2.4.12 and 2.5.6.

CPE URI

Source package

Min version

Max version

openvpn

== version 2.1 until version 2.4.12 and 2.5.6.

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
openvpn	edge-main	2.5.6-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
openvpn	3.22-main	2.5.6-r0	None	fixed
openvpn	3.21-main	2.5.6-r0	None	fixed
openvpn	3.20-main	2.5.6-r0	None	fixed
openvpn	3.19-main	2.5.6-r0	None	fixed
openvpn	3.18-main	2.5.6-r0	None	fixed
openvpn	3.17-main	2.5.6-r0	None	fixed
openvpn	3.12-main	2.4.12-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

openvpn

edge-main

2.5.6-r0

Natanael Copa <ncopa@alpinelinux.org>

fixed

openvpn

3.22-main