CVE-2022-0547

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-0547

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0547.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-0547

Related

Published

2022-03-18T18:15:12Z

Modified

2025-03-08T11:43:20.842233Z

Downstream

DLA-2992-1

DLA-4079-1

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.

References

Affected packages

Alpine:v3.12 / openvpn

Package

Name: openvpn
Purl: pkg:apk/alpine/openvpn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.12-r0

Affected versions

2.*

2.0.9-r0

2.0.9-r1

2.0.9-r2

2.1.1-r0

2.1.1-r1

2.1.1-r2

2.1.3-r0

2.1.4-r0

2.1.4-r1

2.2.0-r0

2.2.0-r1

2.2.0-r2

2.2.2-r0

2.3.0-r0

2.3.1-r0

2.3.2-r0

2.3.2-r1

2.3.2-r2

2.3.3-r0

2.3.4-r0

2.3.5-r0

2.3.6-r0

2.3.6-r1

2.3.7-r0

2.3.8-r0

2.3.8-r1

2.3.9-r0

2.3.10-r0

2.3.10-r1

2.3.10-r2

2.3.11-r0

2.3.12-r0

2.3.12-r1

2.3.14-r0

2.4.0-r0

2.4.1-r0

2.4.1-r1

2.4.2-r0

2.4.3-r0

2.4.4-r0

2.4.4-r1

2.4.5-r0

2.4.5-r1

2.4.6-r0

2.4.6-r1

2.4.6-r2

2.4.6-r3

2.4.6-r4

2.4.6-r5

2.4.7-r0

2.4.7-r1

2.4.8-r0

2.4.8-r1

2.4.8-r2

2.4.8-r3

2.4.8-r4

2.4.9-r0

2.4.10-r0

2.4.11-r0

Alpine:v3.13 / openvpn

Package

Name: openvpn
Purl: pkg:apk/alpine/openvpn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.6-r0

Affected versions

2.*

2.0.9-r0

2.0.9-r1

2.0.9-r2

2.1.1-r0

2.1.1-r1

2.1.1-r2

2.1.3-r0

2.1.4-r0

2.1.4-r1

2.2.0-r0

2.2.0-r1

2.2.0-r2

2.2.2-r0

2.3.0-r0

2.3.1-r0

2.3.2-r0

2.3.2-r1

2.3.2-r2

2.3.3-r0

2.3.4-r0

2.3.5-r0

2.3.6-r0

2.3.6-r1

2.3.7-r0

2.3.8-r0

2.3.8-r1

2.3.9-r0

2.3.10-r0

2.3.10-r1

2.3.10-r2

2.3.11-r0

2.3.12-r0

2.3.12-r1

2.3.14-r0

2.4.0-r0

2.4.1-r0

2.4.1-r1

2.4.2-r0

2.4.3-r0

2.4.4-r0

2.4.4-r1

2.4.5-r0

2.4.5-r1

2.4.6-r0

2.4.6-r1

2.4.6-r2

2.4.6-r3

2.4.6-r4

2.4.6-r5

2.4.7-r0

2.4.7-r1

2.4.8-r0

2.4.8-r1

2.4.8-r2

2.4.8-r3

2.4.8-r4

2.4.9-r0

2.5.0-r0

2.5.0-r1

2.5.1-r0

2.5.2-r0

2.5.3-r0

2.5.4-r0

2.5.5-r0

Alpine:v3.14 / openvpn

Package

Name: openvpn
Purl: pkg:apk/alpine/openvpn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.6-r0

Affected versions

2.*

2.0.9-r0

2.0.9-r1

2.0.9-r2

2.1.1-r0

2.1.1-r1

2.1.1-r2

2.1.3-r0

2.1.4-r0

2.1.4-r1

2.2.0-r0

2.2.0-r1

2.2.0-r2

2.2.2-r0

2.3.0-r0

2.3.1-r0

2.3.2-r0

2.3.2-r1

2.3.2-r2

2.3.3-r0

2.3.4-r0

2.3.5-r0

2.3.6-r0

2.3.6-r1

2.3.7-r0

2.3.8-r0

2.3.8-r1

2.3.9-r0

2.3.10-r0

2.3.10-r1

2.3.10-r2

2.3.11-r0

2.3.12-r0

2.3.12-r1

2.3.14-r0

2.4.0-r0

2.4.1-r0

2.4.1-r1

2.4.2-r0

2.4.3-r0

2.4.4-r0

2.4.4-r1

2.4.5-r0

2.4.5-r1

2.4.6-r0

2.4.6-r1

2.4.6-r2

2.4.6-r3

2.4.6-r4

2.4.6-r5

2.4.7-r0

2.4.7-r1

2.4.8-r0

2.4.8-r1

2.4.8-r2

2.4.8-r3

2.4.8-r4

2.4.9-r0

2.5.0-r0

2.5.0-r1

2.5.1-r0

2.5.2-r0

2.5.3-r0

2.5.4-r0

2.5.5-r0

Alpine:v3.15 / openvpn

Package

Name: openvpn
Purl: pkg:apk/alpine/openvpn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.6-r0

Affected versions

2.*

2.0.9-r0

2.0.9-r1

2.0.9-r2

2.1.1-r0

2.1.1-r1

2.1.1-r2

2.1.3-r0

2.1.4-r0

2.1.4-r1

2.2.0-r0

2.2.0-r1

2.2.0-r2

2.2.2-r0

2.3.0-r0

2.3.1-r0

2.3.2-r0

2.3.2-r1

2.3.2-r2

2.3.3-r0

2.3.4-r0

2.3.5-r0

2.3.6-r0

2.3.6-r1

2.3.7-r0

2.3.8-r0

2.3.8-r1

2.3.9-r0

2.3.10-r0

2.3.10-r1

2.3.10-r2

2.3.11-r0

2.3.12-r0

2.3.12-r1

2.3.14-r0

2.4.0-r0

2.4.1-r0

2.4.1-r1

2.4.2-r0

2.4.3-r0

2.4.4-r0

2.4.4-r1

2.4.5-r0

2.4.5-r1

2.4.6-r0

2.4.6-r1

2.4.6-r2

2.4.6-r3

2.4.6-r4

2.4.6-r5

2.4.7-r0

2.4.7-r1

2.4.8-r0

2.4.8-r1

2.4.8-r2

2.4.8-r3

2.4.8-r4

2.4.9-r0

2.5.0-r0

2.5.0-r1

2.5.1-r0

2.5.2-r0

2.5.3-r0

2.5.3-r1

2.5.4-r0

2.5.5-r0

Alpine:v3.16 / openvpn

Package

Name: openvpn
Purl: pkg:apk/alpine/openvpn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.6-r0

Affected versions

2.*

2.0.9-r0

2.0.9-r1

2.0.9-r2

2.1.1-r0

2.1.1-r1

2.1.1-r2

2.1.3-r0

2.1.4-r0

2.1.4-r1

2.2.0-r0

2.2.0-r1

2.2.0-r2

2.2.2-r0

2.3.0-r0

2.3.1-r0

2.3.2-r0

2.3.2-r1

2.3.2-r2

2.3.3-r0

2.3.4-r0

2.3.5-r0

2.3.6-r0

2.3.6-r1

2.3.7-r0

2.3.8-r0

2.3.8-r1

2.3.9-r0

2.3.10-r0

2.3.10-r1

2.3.10-r2

2.3.11-r0

2.3.12-r0

2.3.12-r1

2.3.14-r0

2.4.0-r0

2.4.1-r0

2.4.1-r1

2.4.2-r0

2.4.3-r0

2.4.4-r0

2.4.4-r1

2.4.5-r0

2.4.5-r1

2.4.6-r0

2.4.6-r1

2.4.6-r2

2.4.6-r3

2.4.6-r4

2.4.6-r5

2.4.7-r0

2.4.7-r1

2.4.8-r0

2.4.8-r1

2.4.8-r2

2.4.8-r3

2.4.8-r4

2.4.9-r0

2.5.0-r0

2.5.0-r1

2.5.1-r0

2.5.2-r0

2.5.3-r0

2.5.3-r1

2.5.4-r0

2.5.4-r1

2.5.5-r0

Alpine:v3.17 / openvpn

Package

Name: openvpn
Purl: pkg:apk/alpine/openvpn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.6-r0

Affected versions

2.*

2.0.9-r0

2.0.9-r1

2.0.9-r2

2.1.1-r0

2.1.1-r1

2.1.1-r2

2.1.3-r0

2.1.4-r0

2.1.4-r1

2.2.0-r0

2.2.0-r1

2.2.0-r2

2.2.2-r0

2.3.0-r0

2.3.1-r0

2.3.2-r0

2.3.2-r1

2.3.2-r2

2.3.3-r0

2.3.4-r0

2.3.5-r0

2.3.6-r0

2.3.6-r1

2.3.7-r0

2.3.8-r0

2.3.8-r1

2.3.9-r0

2.3.10-r0

2.3.10-r1

2.3.10-r2

2.3.11-r0

2.3.12-r0

2.3.12-r1

2.3.14-r0

2.4.0-r0

2.4.1-r0

2.4.1-r1

2.4.2-r0

2.4.3-r0

2.4.4-r0

2.4.4-r1

2.4.5-r0

2.4.5-r1

2.4.6-r0

2.4.6-r1

2.4.6-r2

2.4.6-r3

2.4.6-r4

2.4.6-r5

2.4.7-r0

2.4.7-r1

2.4.8-r0

2.4.8-r1

2.4.8-r2

2.4.8-r3

2.4.8-r4

2.4.9-r0

2.5.0-r0

2.5.0-r1

2.5.1-r0

2.5.2-r0

2.5.3-r0

2.5.3-r1

2.5.4-r0

2.5.4-r1

2.5.5-r0

Alpine:v3.18 / openvpn

Package

Name: openvpn
Purl: pkg:apk/alpine/openvpn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.6-r0

Affected versions

2.*

2.0.9-r0

2.0.9-r1

2.0.9-r2

2.1.1-r0

2.1.1-r1

2.1.1-r2

2.1.3-r0

2.1.4-r0

2.1.4-r1

2.2.0-r0

2.2.0-r1

2.2.0-r2

2.2.2-r0

2.3.0-r0

2.3.1-r0

2.3.2-r0

2.3.2-r1

2.3.2-r2

2.3.3-r0

2.3.4-r0

2.3.5-r0

2.3.6-r0

2.3.6-r1

2.3.7-r0

2.3.8-r0

2.3.8-r1

2.3.9-r0

2.3.10-r0

2.3.10-r1

2.3.10-r2

2.3.11-r0

2.3.12-r0

2.3.12-r1

2.3.14-r0

2.4.0-r0

2.4.1-r0

2.4.1-r1

2.4.2-r0

2.4.3-r0

2.4.4-r0

2.4.4-r1

2.4.5-r0

2.4.5-r1

2.4.6-r0

2.4.6-r1

2.4.6-r2

2.4.6-r3

2.4.6-r4

2.4.6-r5

2.4.7-r0

2.4.7-r1

2.4.8-r0

2.4.8-r1

2.4.8-r2

2.4.8-r3

2.4.8-r4

2.4.9-r0

2.5.0-r0

2.5.0-r1

2.5.1-r0

2.5.2-r0

2.5.3-r0

2.5.3-r1

2.5.4-r0

2.5.4-r1

2.5.5-r0

Alpine:v3.19 / openvpn

Package

Name: openvpn
Purl: pkg:apk/alpine/openvpn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.6-r0

Affected versions

2.*

2.0.9-r0

2.0.9-r1

2.0.9-r2

2.1.1-r0

2.1.1-r1

2.1.1-r2

2.1.3-r0

2.1.4-r0

2.1.4-r1

2.2.0-r0

2.2.0-r1

2.2.0-r2

2.2.2-r0

2.3.0-r0

2.3.1-r0

2.3.2-r0

2.3.2-r1

2.3.2-r2

2.3.3-r0

2.3.4-r0

2.3.5-r0

2.3.6-r0

2.3.6-r1

2.3.7-r0

2.3.8-r0

2.3.8-r1

2.3.9-r0

2.3.10-r0

2.3.10-r1

2.3.10-r2

2.3.11-r0

2.3.12-r0

2.3.12-r1

2.3.14-r0

2.4.0-r0

2.4.1-r0

2.4.1-r1

2.4.2-r0

2.4.3-r0

2.4.4-r0

2.4.4-r1

2.4.5-r0

2.4.5-r1

2.4.6-r0

2.4.6-r1

2.4.6-r2

2.4.6-r3

2.4.6-r4

2.4.6-r5

2.4.7-r0

2.4.7-r1

2.4.8-r0

2.4.8-r1

2.4.8-r2

2.4.8-r3

2.4.8-r4

2.4.9-r0

2.5.0-r0

2.5.0-r1

2.5.1-r0

2.5.2-r0

2.5.3-r0

2.5.3-r1

2.5.4-r0

2.5.4-r1

2.5.5-r0

Alpine:v3.20 / openvpn

Package

Name: openvpn
Purl: pkg:apk/alpine/openvpn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.6-r0

Affected versions

2.*

2.0.9-r0

2.0.9-r1

2.0.9-r2

2.1.1-r0

2.1.1-r1

2.1.1-r2

2.1.3-r0

2.1.4-r0

2.1.4-r1

2.2.0-r0

2.2.0-r1

2.2.0-r2

2.2.2-r0

2.3.0-r0

2.3.1-r0

2.3.2-r0

2.3.2-r1

2.3.2-r2

2.3.3-r0

2.3.4-r0

2.3.5-r0

2.3.6-r0

2.3.6-r1

2.3.7-r0

2.3.8-r0

2.3.8-r1

2.3.9-r0

2.3.10-r0

2.3.10-r1

2.3.10-r2

2.3.11-r0

2.3.12-r0

2.3.12-r1

2.3.14-r0

2.4.0-r0

2.4.1-r0

2.4.1-r1

2.4.2-r0

2.4.3-r0

2.4.4-r0

2.4.4-r1

2.4.5-r0

2.4.5-r1

2.4.6-r0

2.4.6-r1

2.4.6-r2

2.4.6-r3

2.4.6-r4

2.4.6-r5

2.4.7-r0

2.4.7-r1

2.4.8-r0

2.4.8-r1

2.4.8-r2

2.4.8-r3

2.4.8-r4

2.4.9-r0

2.5.0-r0

2.5.0-r1

2.5.1-r0

2.5.2-r0

2.5.3-r0

2.5.3-r1

2.5.4-r0

2.5.4-r1

2.5.5-r0

Alpine:v3.21 / openvpn

Package

Name: openvpn
Purl: pkg:apk/alpine/openvpn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.6-r0

Affected versions

2.*

2.0.9-r0

2.0.9-r1

2.0.9-r2

2.1.1-r0

2.1.1-r1

2.1.1-r2

2.1.3-r0

2.1.4-r0

2.1.4-r1

2.2.0-r0

2.2.0-r1

2.2.0-r2

2.2.2-r0

2.3.0-r0

2.3.1-r0

2.3.2-r0

2.3.2-r1

2.3.2-r2

2.3.3-r0

2.3.4-r0

2.3.5-r0

2.3.6-r0

2.3.6-r1

2.3.7-r0

2.3.8-r0

2.3.8-r1

2.3.9-r0

2.3.10-r0

2.3.10-r1

2.3.10-r2

2.3.11-r0

2.3.12-r0

2.3.12-r1

2.3.14-r0

2.4.0-r0

2.4.1-r0

2.4.1-r1

2.4.2-r0

2.4.3-r0

2.4.4-r0

2.4.4-r1

2.4.5-r0

2.4.5-r1

2.4.6-r0

2.4.6-r1

2.4.6-r2

2.4.6-r3

2.4.6-r4

2.4.6-r5

2.4.7-r0

2.4.7-r1

2.4.8-r0

2.4.8-r1

2.4.8-r2

2.4.8-r3

2.4.8-r4

2.4.9-r0

2.5.0-r0

2.5.0-r1

2.5.1-r0

2.5.2-r0

2.5.3-r0

2.5.3-r1

2.5.4-r0

2.5.4-r1

2.5.5-r0

Debian:11 / openvpn

Package

Name: openvpn
Purl: pkg:deb/debian/openvpn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.1-3+deb11u1

Affected versions

2.*

2.5.1-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openvpn

Package

Name: openvpn
Purl: pkg:deb/debian/openvpn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openvpn

Package

Name: openvpn
Purl: pkg:deb/debian/openvpn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/openvpn/openvpn

Affected ranges

Type: GIT
Repo: https://github.com/openvpn/openvpn
Events: Introduced

4580320b22946a1dd65039a6efcd616ee5e4ac3b

Fixed

058407a89cb812115b383570b12f4c2fde500d39

Affected versions

v2.*

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.2-RC

v2.2-RC2

v2.2-beta4

v2.2-beta5

v2.3-alpha1

v2.3_alpha2

v2.3_alpha3

v2.3_beta1

v2.4.0

v2.4.1

v2.4.10

v2.4.11

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.4.7

v2.4.8

v2.4.9

v2.4_alpha1

v2.4_alpha2

v2.4_beta1

v2.4_beta2

v2.4_rc1

v2.4_rc2