בתאריך יום ו׳, 15 בנוב׳ 2024 ב-14:31 מאת נתי שטרן <nsh...@gmail.com>:
> Is it cve/vdp? > Whether it is or not, I would appreciate it if you could guide me on how > to develop a patch that will close the aforementioned loophole > > > thanks, > > Netanel > > בתאריך יום ה׳, 14 בנוב׳ 2024 ב-23:43 מאת Gert Doering < > g...@greenie.muc.de>: > >> Hi, >> >> On Thu, Nov 14, 2024 at 10:12:35PM +0200, ?????? ???????? wrote: >> > I am writing to responsibly disclose a vulnerability discovered during a >> > black box penetration testing engagement. The vulnerability affects the >> > OpenVPN client (v2.4.12, x86_64-pc-linux-gnu) and can lead to a >> > denial-of-service (DoS) condition due to repeated TLS key negotiation >> > timeouts. >> >> 2.4.x is end of everything since March 2022. >> >> The current stable branch is 2.6.x, and we do maintain 2.5.x for severe >> bugs. >> >> https://community.openvpn.net/openvpn/wiki/SupportedVersions >> >> Quite a bit of effort has been put into making the TLS handshake >> (assuming tls-crypt-v2 is used) more robust in 2.6.0 - so if your >> results are applicatble to 2.6.0 with tls-crypt-v2, we're happy to >> listen. >> >> gert >> -- >> "If was one thing all people took for granted, was conviction that if you >> feed honest figures into a computer, honest figures come out. Never >> doubted >> it myself till I met a computer with a sense of humor." >> Robert A. Heinlein, The Moon is a Harsh >> Mistress >> >> Gert Doering - Munich, Germany >> g...@greenie.muc.de >> > > > -- > <https://netanel.ml> > -- <https://netanel.ml>
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
