CVE-2024-13454

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-13454
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-13454.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-13454
Downstream
Published
2025-01-20T21:15:21.453Z
Modified
2026-03-09T23:51:13.664129Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3

References

Affected packages

Git / github.com/openvpn/easy-rsa

Affected ranges

Type
GIT
Repo
https://github.com/openvpn/easy-rsa
Events
Introduced
4152244bae2101018410df952e0bc00049947f8a
Last affected
3c233d279d43e419b0529411ee62bba7a08f0c0f
Database specific 
{
    "versions": [
        {
            "introduced": "3.0.5"
        },
        {
            "last_affected": "3.1.7"
        }
    ]
}

Affected versions

v3.*
v3.0.5
v3.0.7
v3.0.8
v3.0.9
v3.0.9-rc1
v3.1.0
v3.1.0-rc1
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-13454.json"