CVE-2016-6329

EUVD-2016-7256
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
openvpnopenvpn
𝑥
≤ 2.3.14
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openvpn
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openvpn
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
precise
ignored
trusty
Fixed 2.3.2-7ubuntu3.2
released
xenial
Fixed 2.3.10-1ubuntu2.1
released
yakkety
Fixed 2.3.11-1ubuntu2.1
released
zesty
not-affected
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697
http://www-01.ibm.com/support/docview.wss?uid=swg21991482
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.securityfocus.com/bid/92631
http://www.securitytracker.com/id/1036695
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
https://community.openvpn.net/openvpn/wiki/SWEET32
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403
https://security.gentoo.org/glsa/201611-02
https://sweet32.info/
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697
http://www-01.ibm.com/support/docview.wss?uid=swg21991482
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.securityfocus.com/bid/92631
http://www.securitytracker.com/id/1036695
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
https://community.openvpn.net/openvpn/wiki/SWEET32
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403
https://security.gentoo.org/glsa/201611-02
https://sweet32.info/