CVE-2016-6329
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-6329
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6329.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-6329
- Related
- Published
- 2017-01-31T22:59:00Z
- Modified
- 2025-02-14T09:53:27.446889Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
- References
-
- http://www.securityfocus.com/bid/92631
- http://www.securitytracker.com/id/1036695
- https://community.openvpn.net/openvpn/wiki/SWEET32
- https://security.gentoo.org/glsa/201611-02
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697
- http://www-01.ibm.com/support/docview.wss?uid=swg21991482
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403
- https://sweet32.info/
- https://security-tracker.debian.org/tracker/CVE-2016-6329
Affected packages
Debian:11 / openvpn
Package
- Name
- openvpn
- Purl
- pkg:deb/debian/openvpn?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.5.1-3
2.5.5-1
2.5.6-1
2.6.0~git20220317+dco-1
2.6.0~git20220510+dco-1
2.6.0~git20220518+dco-1
2.6.0~git20220518+dco-2
2.6.0~git20220518+dco-3
2.6.0~git20220808-1
2.6.0~git20220811-1
2.6.0~git20220811-2
2.6.0~git20220818-1
2.6.0~git20221116-1
2.6.0~git20221201-1
2.6.0~git20221215+beta2-1
2.6.0~git20221222-1
2.6.0~rc1-1~bpo11+1
2.6.0~rc1-1
2.6.0~rc2-1
2.6.0-1~bpo11+1
2.6.0-1
2.6.1-1~exp1
2.6.1-1
2.6.2-1~exp1
2.6.2-1~exp2
2.6.3-1~bpo11+1
2.6.3-1
2.6.3-2
2.6.3-2.1
2.6.7-1
2.6.9-1
2.6.11-1
2.6.12-1
2.6.13-1
Debian:12 / openvpn
Package
- Name
- openvpn
- Purl
- pkg:deb/debian/openvpn?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / openvpn
Package
- Name
- openvpn
- Purl
- pkg:deb/debian/openvpn?arch=source
Git / github.com/openvpn/openvpn
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openvpn/openvpn
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
Other
contains
v2.*
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1_rc1
v2.1_rc10
v2.1_rc11
v2.1_rc12
v2.1_rc13
v2.1_rc14
v2.1_rc15
v2.1_rc16
v2.1_rc17
v2.1_rc18
v2.1_rc19
v2.1_rc2
v2.1_rc20
v2.1_rc21
v2.1_rc22
v2.1_rc3
v2.1_rc4
v2.1_rc5
v2.1_rc6
v2.1_rc7
v2.1_rc8
v2.1_rc9
v2.2-RC
v2.2-RC2
v2.2-beta4
v2.2-beta5
v2.3-alpha1
v2.3.0
v2.3.1
v2.3.10
v2.3.11
v2.3.12
v2.3.13
v2.3.14
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.3_alpha2
v2.3_alpha3
v2.3_beta1
v2.3_rc1
v2.3_rc2