UBUNTU-CVE-2024-3661

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-3661

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-3661

Upstream

CVE-2024-3661

Published

2024-05-06T19:15:00Z

Modified

2025-12-02T22:45:40.962025Z

Severity

7.6 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVSS Calculator
7.6 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVSS Calculator
Ubuntu - high

Summary

[none]

Details

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.

References

Affected packages

Ubuntu:14.04:LTS

pptpd

Package

Name: pptpd
Purl: pkg:deb/ubuntu/pptpd@1.3.4+27+gddb30f8-1ubuntu1.1?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.4-6ubuntu1

1.3.4+27+gddb30f8-1ubuntu1

1.3.4+27+gddb30f8-1ubuntu1.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "bcrelay",
            "binary_version": "1.3.4+27+gddb30f8-1ubuntu1.1"
        },
        {
            "binary_name": "pptpd",
            "binary_version": "1.3.4+27+gddb30f8-1ubuntu1.1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

Ubuntu:16.04:LTS

network-manager-pptp

Package

Name: network-manager-pptp
Purl: pkg:deb/ubuntu/network-manager-pptp@1.1.93-1ubuntu1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.10.0-1ubuntu1

1.*

1.0.2-0ubuntu1

1.0.6-1ubuntu1

1.0.8-2ubuntu1

1.1.93-1

1.1.93-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-pptp",
            "binary_version": "1.1.93-1ubuntu1"
        },
        {
            "binary_name": "network-manager-pptp-gnome",
            "binary_version": "1.1.93-1ubuntu1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

pptp-linux

Package

Name: pptp-linux
Purl: pkg:deb/ubuntu/pptp-linux@1.8.0-1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.8.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "pptp-linux",
            "binary_version": "1.8.0-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

pptpd

Package

Name: pptpd
Purl: pkg:deb/ubuntu/pptpd@1.4.0-7ubuntu0.2?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.4+27+gddb30f8-1ubuntu1

1.4.0-6

1.4.0-7

1.4.0-7ubuntu0.1

1.4.0-7ubuntu0.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "bcrelay",
            "binary_version": "1.4.0-7ubuntu0.2"
        },
        {
            "binary_name": "pptpd",
            "binary_version": "1.4.0-7ubuntu0.2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

gadmin-openvpn-client

Package

Name: gadmin-openvpn-client
Purl: pkg:deb/ubuntu/gadmin-openvpn-client@0.1.2-4?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.1.2-4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gadmin-openvpn-client",
            "binary_version": "0.1.2-4"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

gadmin-openvpn-server

Package

Name: gadmin-openvpn-server
Purl: pkg:deb/ubuntu/gadmin-openvpn-server@0.1.5-3.1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.1.5-3.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gadmin-openvpn-server",
            "binary_version": "0.1.5-3.1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

kvpnc

Package

Name: kvpnc
Purl: pkg:deb/ubuntu/kvpnc@0.9.6a-4?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.6a-2.1build1

0.9.6a-3

0.9.6a-4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "kvpnc",
            "binary_version": "0.9.6a-4"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

n2n

Package

Name: n2n
Purl: pkg:deb/ubuntu/n2n@1.3.1~svn3789-5?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.1~svn3789-5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "n2n",
            "binary_version": "1.3.1~svn3789-5"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-iodine

Package

Name: network-manager-iodine
Purl: pkg:deb/ubuntu/network-manager-iodine@0.0.5-1ubuntu1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0.5-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-iodine",
            "binary_version": "0.0.5-1ubuntu1"
        },
        {
            "binary_name": "network-manager-iodine-gnome",
            "binary_version": "0.0.5-1ubuntu1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-openconnect

Package

Name: network-manager-openconnect
Purl: pkg:deb/ubuntu/network-manager-openconnect@1.2.0-0ubuntu0.16.04.1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.2-1build1

1.2.0-0ubuntu0.16.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-openconnect",
            "binary_version": "1.2.0-0ubuntu0.16.04.1"
        },
        {
            "binary_name": "network-manager-openconnect-gnome",
            "binary_version": "1.2.0-0ubuntu0.16.04.1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-openvpn

Package

Name: network-manager-openvpn
Purl: pkg:deb/ubuntu/network-manager-openvpn@1.1.93-1ubuntu1.1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.10.0-1ubuntu2

1.*

1.1.93-1

1.1.93-1ubuntu1

1.1.93-1ubuntu1.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-openvpn",
            "binary_version": "1.1.93-1ubuntu1.1"
        },
        {
            "binary_name": "network-manager-openvpn-gnome",
            "binary_version": "1.1.93-1ubuntu1.1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-strongswan

Package

Name: network-manager-strongswan
Purl: pkg:deb/ubuntu/network-manager-strongswan@1.3.1-1ubuntu1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.1-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-strongswan",
            "binary_version": "1.3.1-1ubuntu1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-vpnc

Package

Name: network-manager-vpnc
Purl: pkg:deb/ubuntu/network-manager-vpnc@1.1.93-1ubuntu0.1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.10.0-1ubuntu1

1.*

1.0.8-1ubuntu1

1.1.93-1

1.1.93-1ubuntu0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-vpnc",
            "binary_version": "1.1.93-1ubuntu0.1"
        },
        {
            "binary_name": "network-manager-vpnc-gnome",
            "binary_version": "1.1.93-1ubuntu0.1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

openconnect

Package

Name: openconnect
Purl: pkg:deb/ubuntu/openconnect@7.06-2build2?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.06-2build1

7.06-2build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libopenconnect-dev",
            "binary_version": "7.06-2build2"
        },
        {
            "binary_name": "libopenconnect5",
            "binary_version": "7.06-2build2"
        },
        {
            "binary_name": "openconnect",
            "binary_version": "7.06-2build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

sshuttle

Package

Name: sshuttle
Purl: pkg:deb/ubuntu/sshuttle@0.76-1ubuntu1.2?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.71-1

0.75-1

0.76-1

0.76-1ubuntu1

0.76-1ubuntu1.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "sshuttle",
            "binary_version": "0.76-1ubuntu1.2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

tinc

Package

Name: tinc
Purl: pkg:deb/ubuntu/tinc@1.0.26-1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.26-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "tinc",
            "binary_version": "1.0.26-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

vpnc

Package

Name: vpnc
Purl: pkg:deb/ubuntu/vpnc@0.5.3r550-2build1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.5.3r550-2

0.5.3r550-2build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "vpnc",
            "binary_version": "0.5.3r550-2build1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

wireguard

Package

Name: wireguard
Purl: pkg:deb/ubuntu/wireguard@1.0.20200513-1~16.04.2?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.20200513-1~16.04.1

1.0.20200513-1~16.04.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "wireguard",
            "binary_version": "1.0.20200513-1~16.04.2"
        },
        {
            "binary_name": "wireguard-tools",
            "binary_version": "1.0.20200513-1~16.04.2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

Ubuntu:18.04:LTS

network-manager-openvpn

Package

Name: network-manager-openvpn
Purl: pkg:deb/ubuntu/network-manager-openvpn@1.8.2-1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-0ubuntu2

1.8.0-2

1.8.0-3

1.8.2-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-openvpn",
            "binary_version": "1.8.2-1"
        },
        {
            "binary_name": "network-manager-openvpn-gnome",
            "binary_version": "1.8.2-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-pptp

Package

Name: network-manager-pptp
Purl: pkg:deb/ubuntu/network-manager-pptp@1.2.6-1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.4-4

1.2.4-5build1

1.2.6-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-pptp",
            "binary_version": "1.2.6-1"
        },
        {
            "binary_name": "network-manager-pptp-gnome",
            "binary_version": "1.2.6-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

pptp-linux

Package

Name: pptp-linux
Purl: pkg:deb/ubuntu/pptp-linux@1.9.0+ds-2?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.9.0+ds-1

1.9.0+ds-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "pptp-linux",
            "binary_version": "1.9.0+ds-2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

pptpd

Package

Name: pptpd
Purl: pkg:deb/ubuntu/pptpd@1.4.0-11build1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.0-10

1.4.0-11

1.4.0-11build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "bcrelay",
            "binary_version": "1.4.0-11build1"
        },
        {
            "binary_name": "pptpd",
            "binary_version": "1.4.0-11build1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

gadmin-openvpn-client

Package

Name: gadmin-openvpn-client
Purl: pkg:deb/ubuntu/gadmin-openvpn-client@0.1.9-1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.1.9-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gadmin-openvpn-client",
            "binary_version": "0.1.9-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

gadmin-openvpn-server

Package

Name: gadmin-openvpn-server
Purl: pkg:deb/ubuntu/gadmin-openvpn-server@0.1.5-3.1build1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.1.5-3.1

0.1.5-3.1build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gadmin-openvpn-server",
            "binary_version": "0.1.5-3.1build1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

kvpnc

Package

Name: kvpnc
Purl: pkg:deb/ubuntu/kvpnc@0.9.6a-4build1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.6a-4

0.9.6a-4build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "kvpnc",
            "binary_version": "0.9.6a-4build1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

libreswan

Package

Name: libreswan
Purl: pkg:deb/ubuntu/libreswan@3.23-4?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.20-7build1

3.21-2

3.22-1

3.22-2

3.22-3

3.22-4

3.23-1

3.23-4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libreswan",
            "binary_version": "3.23-4"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

n2n

Package

Name: n2n
Purl: pkg:deb/ubuntu/n2n@1.3.1~svn3789-7?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.1~svn3789-5

1.3.1~svn3789-5build1

1.3.1~svn3789-6

1.3.1~svn3789-7

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "n2n",
            "binary_version": "1.3.1~svn3789-7"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-fortisslvpn

Package

Name: network-manager-fortisslvpn
Purl: pkg:deb/ubuntu/network-manager-fortisslvpn@1.2.8-1ubuntu1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.8-1

1.2.8-1build1

1.2.8-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-fortisslvpn",
            "binary_version": "1.2.8-1ubuntu1"
        },
        {
            "binary_name": "network-manager-fortisslvpn-gnome",
            "binary_version": "1.2.8-1ubuntu1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-iodine

Package

Name: network-manager-iodine
Purl: pkg:deb/ubuntu/network-manager-iodine@1.2.0-3?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.0-1

1.2.0-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-iodine",
            "binary_version": "1.2.0-3"
        },
        {
            "binary_name": "network-manager-iodine-gnome",
            "binary_version": "1.2.0-3"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-l2tp

Package

Name: network-manager-l2tp
Purl: pkg:deb/ubuntu/network-manager-l2tp@1.2.8-2build1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.8-1

1.2.8-2build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-l2tp",
            "binary_version": "1.2.8-2build1"
        },
        {
            "binary_name": "network-manager-l2tp-gnome",
            "binary_version": "1.2.8-2build1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-openconnect

Package

Name: network-manager-openconnect
Purl: pkg:deb/ubuntu/network-manager-openconnect@1.2.4-1ubuntu1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.4-1

1.2.4-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-openconnect",
            "binary_version": "1.2.4-1ubuntu1"
        },
        {
            "binary_name": "network-manager-openconnect-gnome",
            "binary_version": "1.2.4-1ubuntu1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-strongswan

Package

Name: network-manager-strongswan
Purl: pkg:deb/ubuntu/network-manager-strongswan@1.4.2-2?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.2-1

1.4.2-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-strongswan",
            "binary_version": "1.4.2-2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-vpnc

Package

Name: network-manager-vpnc
Purl: pkg:deb/ubuntu/network-manager-vpnc@1.2.4-6ubuntu0.1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.4-4

1.2.4-6

1.2.4-6ubuntu0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-vpnc",
            "binary_version": "1.2.4-6ubuntu0.1"
        },
        {
            "binary_name": "network-manager-vpnc-gnome",
            "binary_version": "1.2.4-6ubuntu0.1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

openconnect

Package

Name: openconnect
Purl: pkg:deb/ubuntu/openconnect@7.08-3ubuntu0.18.04.2?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.08-1

7.08-2

7.08-3

7.08-3ubuntu0.18.04.1

7.08-3ubuntu0.18.04.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libopenconnect-dev",
            "binary_version": "7.08-3ubuntu0.18.04.2"
        },
        {
            "binary_name": "libopenconnect5",
            "binary_version": "7.08-3ubuntu0.18.04.2"
        },
        {
            "binary_name": "openconnect",
            "binary_version": "7.08-3ubuntu0.18.04.2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

openfortivpn

Package

Name: openfortivpn
Purl: pkg:deb/ubuntu/openfortivpn@1.6.0-1build1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.0-1

1.6.0-1build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openfortivpn",
            "binary_version": "1.6.0-1build1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

quicktun

Package

Name: quicktun
Purl: pkg:deb/ubuntu/quicktun@2.2.6-2build1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.6-2

2.2.6-2build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "quicktun",
            "binary_version": "2.2.6-2build1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

sshuttle

Package

Name: sshuttle
Purl: pkg:deb/ubuntu/sshuttle@0.78.3-1ubuntu1.1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.78.3-1

0.78.3-1ubuntu1

0.78.3-1ubuntu1.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "sshuttle",
            "binary_version": "0.78.3-1ubuntu1.1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

tinc

Package

Name: tinc
Purl: pkg:deb/ubuntu/tinc@1.0.33-1build1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.31-1

1.0.32-1

1.0.33-1

1.0.33-1build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "tinc",
            "binary_version": "1.0.33-1build1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

vpnc

Package

Name: vpnc
Purl: pkg:deb/ubuntu/vpnc@0.5.3r550-3?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.5.3r550-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "vpnc",
            "binary_version": "0.5.3r550-3"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

wireguard

Package

Name: wireguard
Purl: pkg:deb/ubuntu/wireguard@1.0.20200513-1~18.04.2?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.20200513-1~18.04.1

1.0.20200513-1~18.04.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "wireguard",
            "binary_version": "1.0.20200513-1~18.04.2"
        },
        {
            "binary_name": "wireguard-tools",
            "binary_version": "1.0.20200513-1~18.04.2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

Ubuntu:20.04:LTS

network-manager-openvpn

Package

Name: network-manager-openvpn
Purl: pkg:deb/ubuntu/network-manager-openvpn@1.8.12-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.8.10-1

1.8.10-1ubuntu1

1.8.12-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-openvpn",
            "binary_version": "1.8.12-1"
        },
        {
            "binary_name": "network-manager-openvpn-gnome",
            "binary_version": "1.8.12-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-pptp

Package

Name: network-manager-pptp
Purl: pkg:deb/ubuntu/network-manager-pptp@1.2.8-2?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.8-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-pptp",
            "binary_version": "1.2.8-2"
        },
        {
            "binary_name": "network-manager-pptp-gnome",
            "binary_version": "1.2.8-2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

openvpn

Package

Name: openvpn
Purl: pkg:deb/ubuntu/openvpn@2.4.12-0ubuntu0.20.04.2?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.7-1ubuntu2

2.4.7-1ubuntu2.20.04.2

2.4.7-1ubuntu2.20.04.3

2.4.7-1ubuntu2.20.04.4

2.4.12-0ubuntu0.20.04.1

2.4.12-0ubuntu0.20.04.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openvpn",
            "binary_version": "2.4.12-0ubuntu0.20.04.2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

pptp-linux

Package

Name: pptp-linux
Purl: pkg:deb/ubuntu/pptp-linux@1.10.0-1build1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.10.0-1build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "pptp-linux",
            "binary_version": "1.10.0-1build1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

pptpd

Package

Name: pptpd
Purl: pkg:deb/ubuntu/pptpd@1.4.0-11build1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.0-11build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "bcrelay",
            "binary_version": "1.4.0-11build1"
        },
        {
            "binary_name": "pptpd",
            "binary_version": "1.4.0-11build1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

connman

Package

Name: connman
Purl: pkg:deb/ubuntu/connman@1.36-2ubuntu0.1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.36-2build1

1.36-2ubuntu0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "connman",
            "binary_version": "1.36-2ubuntu0.1"
        },
        {
            "binary_name": "connman-dev",
            "binary_version": "1.36-2ubuntu0.1"
        },
        {
            "binary_name": "connman-vpn",
            "binary_version": "1.36-2ubuntu0.1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

gadmin-openvpn-client

Package

Name: gadmin-openvpn-client
Purl: pkg:deb/ubuntu/gadmin-openvpn-client@0.1.9-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.1.9-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gadmin-openvpn-client",
            "binary_version": "0.1.9-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

gadmin-openvpn-server

Package

Name: gadmin-openvpn-server
Purl: pkg:deb/ubuntu/gadmin-openvpn-server@0.1.5-3.1build1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.1.5-3.1build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gadmin-openvpn-server",
            "binary_version": "0.1.5-3.1build1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

golang-github-apparentlymart-go-openvpn-mgmt

Package

Name: golang-github-apparentlymart-go-openvpn-mgmt
Purl: pkg:deb/ubuntu/golang-github-apparentlymart-go-openvpn-mgmt@0.0~git20161009.9a305ae-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20161009.9a305ae-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-github-apparentlymart-go-openvpn-mgmt-dev",
            "binary_version": "0.0~git20161009.9a305ae-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

libreswan

Package

Name: libreswan
Purl: pkg:deb/ubuntu/libreswan@3.29-2build1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.29-2

3.29-2build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libreswan",
            "binary_version": "3.29-2build1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

n2n

Package

Name: n2n
Purl: pkg:deb/ubuntu/n2n@1.3.1~svn3789-7?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.1~svn3789-7

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "n2n",
            "binary_version": "1.3.1~svn3789-7"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-fortisslvpn

Package

Name: network-manager-fortisslvpn
Purl: pkg:deb/ubuntu/network-manager-fortisslvpn@1.2.10-0ubuntu1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.8-2

1.2.10-0ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-fortisslvpn",
            "binary_version": "1.2.10-0ubuntu1"
        },
        {
            "binary_name": "network-manager-fortisslvpn-gnome",
            "binary_version": "1.2.10-0ubuntu1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-iodine

Package

Name: network-manager-iodine
Purl: pkg:deb/ubuntu/network-manager-iodine@1.2.0-3?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.0-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-iodine",
            "binary_version": "1.2.0-3"
        },
        {
            "binary_name": "network-manager-iodine-gnome",
            "binary_version": "1.2.0-3"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-l2tp

Package

Name: network-manager-l2tp
Purl: pkg:deb/ubuntu/network-manager-l2tp@1.2.16-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-1

1.2.14-1

1.2.16-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-l2tp",
            "binary_version": "1.2.16-1"
        },
        {
            "binary_name": "network-manager-l2tp-gnome",
            "binary_version": "1.2.16-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-openconnect

Package

Name: network-manager-openconnect
Purl: pkg:deb/ubuntu/network-manager-openconnect@1.2.6-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.4-2ubuntu1

1.2.4-4

1.2.6-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-openconnect",
            "binary_version": "1.2.6-1"
        },
        {
            "binary_name": "network-manager-openconnect-gnome",
            "binary_version": "1.2.6-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-strongswan

Package

Name: network-manager-strongswan
Purl: pkg:deb/ubuntu/network-manager-strongswan@1.4.5-2.1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.4-2

1.4.5-2.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-strongswan",
            "binary_version": "1.4.5-2.1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-vpnc

Package

Name: network-manager-vpnc
Purl: pkg:deb/ubuntu/network-manager-vpnc@1.2.6-2?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.6-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-vpnc",
            "binary_version": "1.2.6-2"
        },
        {
            "binary_name": "network-manager-vpnc-gnome",
            "binary_version": "1.2.6-2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

openconnect

Package

Name: openconnect
Purl: pkg:deb/ubuntu/openconnect@8.05-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.02-1build1

8.05-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libopenconnect-dev",
            "binary_version": "8.05-1"
        },
        {
            "binary_name": "libopenconnect5",
            "binary_version": "8.05-1"
        },
        {
            "binary_name": "openconnect",
            "binary_version": "8.05-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

openfortivpn

Package

Name: openfortivpn
Purl: pkg:deb/ubuntu/openfortivpn@1.12.0-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.10.0-1

1.12.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openfortivpn",
            "binary_version": "1.12.0-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

quicktun

Package

Name: quicktun
Purl: pkg:deb/ubuntu/quicktun@2.2.6-2build2?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.6-2build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "quicktun",
            "binary_version": "2.2.6-2build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

sshuttle

Package

Name: sshuttle
Purl: pkg:deb/ubuntu/sshuttle@0.78.5-1ubuntu1.1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.78.5-1

0.78.5-1ubuntu1.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "sshuttle",
            "binary_version": "0.78.5-1ubuntu1.1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

tinc

Package

Name: tinc
Purl: pkg:deb/ubuntu/tinc@1.0.36-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.35-2build1

1.0.36-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "tinc",
            "binary_version": "1.0.36-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

vpnc

Package

Name: vpnc
Purl: pkg:deb/ubuntu/vpnc@0.5.3r550-3.1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.5.3r550-3.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "vpnc",
            "binary_version": "0.5.3r550-3.1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

wireguard

Package

Name: wireguard
Purl: pkg:deb/ubuntu/wireguard@1.0.20200513-1~20.04.2?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0.20190913-1ubuntu1

0.0.20191212-1ubuntu1

0.0.20191219-1ubuntu1

1.*

1.0.20200102-1ubuntu1

1.0.20200121-1ubuntu1

1.0.20200121-2ubuntu1

1.0.20200206-1ubuntu1

1.0.20200206-2ubuntu1

1.0.20200319-1ubuntu1

1.0.20200513-1~20.04.1

1.0.20200513-1~20.04.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "wireguard",
            "binary_version": "1.0.20200513-1~20.04.2"
        },
        {
            "binary_name": "wireguard-tools",
            "binary_version": "1.0.20200513-1~20.04.2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

Ubuntu:22.04:LTS

connman

Package

Name: connman
Purl: pkg:deb/ubuntu/connman@1.36-2.3ubuntu0.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.36-2.2build1

1.36-2.3

1.36-2.3build1

1.36-2.3ubuntu0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "connman",
            "binary_version": "1.36-2.3ubuntu0.1"
        },
        {
            "binary_name": "connman-dev",
            "binary_version": "1.36-2.3ubuntu0.1"
        },
        {
            "binary_name": "connman-vpn",
            "binary_version": "1.36-2.3ubuntu0.1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

golang-github-apparentlymart-go-openvpn-mgmt

Package

Name: golang-github-apparentlymart-go-openvpn-mgmt
Purl: pkg:deb/ubuntu/golang-github-apparentlymart-go-openvpn-mgmt@0.0~git20161009.9a305ae-1.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20161009.9a305ae-1.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-github-apparentlymart-go-openvpn-mgmt-dev",
            "binary_version": "0.0~git20161009.9a305ae-1.1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

libreswan

Package

Name: libreswan
Purl: pkg:deb/ubuntu/libreswan@3.32-3ubuntu3?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.32-3ubuntu3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libreswan",
            "binary_version": "3.32-3ubuntu3"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

mozillavpn

Package

Name: mozillavpn
Purl: pkg:deb/ubuntu/mozillavpn@2.2.0-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mozillavpn",
            "binary_version": "2.2.0-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

n2n

Package

Name: n2n
Purl: pkg:deb/ubuntu/n2n@1.3.1~svn3789-7?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.1~svn3789-7

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "n2n",
            "binary_version": "1.3.1~svn3789-7"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-fortisslvpn

Package

Name: network-manager-fortisslvpn
Purl: pkg:deb/ubuntu/network-manager-fortisslvpn@1.2.10-0ubuntu3?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-0ubuntu2

1.2.10-0ubuntu3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-fortisslvpn",
            "binary_version": "1.2.10-0ubuntu3"
        },
        {
            "binary_name": "network-manager-fortisslvpn-gnome",
            "binary_version": "1.2.10-0ubuntu3"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-iodine

Package

Name: network-manager-iodine
Purl: pkg:deb/ubuntu/network-manager-iodine@1.2.0-3.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.0-3ubuntu1

1.2.0-3.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-iodine",
            "binary_version": "1.2.0-3.1"
        },
        {
            "binary_name": "network-manager-iodine-gnome",
            "binary_version": "1.2.0-3.1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-l2tp

Package

Name: network-manager-l2tp
Purl: pkg:deb/ubuntu/network-manager-l2tp@1.20.0-1build2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.18-1build1

1.20.0-1

1.20.0-1build1

1.20.0-1build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-l2tp",
            "binary_version": "1.20.0-1build2"
        },
        {
            "binary_name": "network-manager-l2tp-gnome",
            "binary_version": "1.20.0-1build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-openconnect

Package

Name: network-manager-openconnect
Purl: pkg:deb/ubuntu/network-manager-openconnect@1.2.6-4?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.6-1

1.2.6-2

1.2.6-3

1.2.6-4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-openconnect",
            "binary_version": "1.2.6-4"
        },
        {
            "binary_name": "network-manager-openconnect-gnome",
            "binary_version": "1.2.6-4"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-openvpn

Package

Name: network-manager-openvpn
Purl: pkg:deb/ubuntu/network-manager-openvpn@1.8.18-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.8.14-1

1.8.16-1

1.8.18-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-openvpn",
            "binary_version": "1.8.18-1"
        },
        {
            "binary_name": "network-manager-openvpn-gnome",
            "binary_version": "1.8.18-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-pptp

Package

Name: network-manager-pptp
Purl: pkg:deb/ubuntu/network-manager-pptp@1.2.10-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.8-3build1

1.2.8-4

1.2.8-4build1

1.2.10-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-pptp",
            "binary_version": "1.2.10-1"
        },
        {
            "binary_name": "network-manager-pptp-gnome",
            "binary_version": "1.2.10-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-sstp

Package

Name: network-manager-sstp
Purl: pkg:deb/ubuntu/network-manager-sstp@1.3.0-0ubuntu1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.0-0ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-sstp",
            "binary_version": "1.3.0-0ubuntu1"
        },
        {
            "binary_name": "network-manager-sstp-gnome",
            "binary_version": "1.3.0-0ubuntu1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-strongswan

Package

Name: network-manager-strongswan
Purl: pkg:deb/ubuntu/network-manager-strongswan@1.5.2-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.2-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-strongswan",
            "binary_version": "1.5.2-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-vpnc

Package

Name: network-manager-vpnc
Purl: pkg:deb/ubuntu/network-manager-vpnc@1.2.8-2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.6-3

1.2.6-4

1.2.8-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-vpnc",
            "binary_version": "1.2.8-2"
        },
        {
            "binary_name": "network-manager-vpnc-gnome",
            "binary_version": "1.2.8-2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

openconnect

Package

Name: openconnect
Purl: pkg:deb/ubuntu/openconnect@8.20-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.10-2build1

8.10-3

8.10-4

8.10-5

8.10-7

8.10-8

8.20-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libopenconnect-dev",
            "binary_version": "8.20-1"
        },
        {
            "binary_name": "libopenconnect5",
            "binary_version": "8.20-1"
        },
        {
            "binary_name": "openconnect",
            "binary_version": "8.20-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

openfortivpn

Package

Name: openfortivpn
Purl: pkg:deb/ubuntu/openfortivpn@1.17.1-1build1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.15.0-1

1.17.0-1

1.17.1-1

1.17.1-1build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openfortivpn",
            "binary_version": "1.17.1-1build1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

openvpn

Package

Name: openvpn
Purl: pkg:deb/ubuntu/openvpn@2.5.11-0ubuntu0.22.04.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.5.1-3ubuntu1

2.5.1-3ubuntu2

2.5.1-3ubuntu4

2.5.1-3ubuntu5

2.5.5-1ubuntu1

2.5.5-1ubuntu3

2.5.5-1ubuntu3.1

2.5.9-0ubuntu0.22.04.2

2.5.9-0ubuntu0.22.04.3

2.5.11-0ubuntu0.22.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openvpn",
            "binary_version": "2.5.11-0ubuntu0.22.04.1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

pptp-linux

Package

Name: pptp-linux
Purl: pkg:deb/ubuntu/pptp-linux@1.10.0-1build3?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.10.0-1build2

1.10.0-1build3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "pptp-linux",
            "binary_version": "1.10.0-1build3"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

pptpd

Package

Name: pptpd
Purl: pkg:deb/ubuntu/pptpd@1.4.0-12build2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.0-12build1

1.4.0-12build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "bcrelay",
            "binary_version": "1.4.0-12build2"
        },
        {
            "binary_name": "pptpd",
            "binary_version": "1.4.0-12build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

quicktun

Package

Name: quicktun
Purl: pkg:deb/ubuntu/quicktun@2.2.6-2build2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.6-2build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "quicktun",
            "binary_version": "2.2.6-2build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

softether-vpn

Package

Name: softether-vpn
Purl: pkg:deb/ubuntu/softether-vpn@5.01.9674+git20200806+8181039+dfsg2-2build1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.01.9674+git20200806+8181039+dfsg2-2

5.01.9674+git20200806+8181039+dfsg2-2build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "softether-common",
            "binary_version": "5.01.9674+git20200806+8181039+dfsg2-2build1"
        },
        {
            "binary_name": "softether-vpnbridge",
            "binary_version": "5.01.9674+git20200806+8181039+dfsg2-2build1"
        },
        {
            "binary_name": "softether-vpnclient",
            "binary_version": "5.01.9674+git20200806+8181039+dfsg2-2build1"
        },
        {
            "binary_name": "softether-vpncmd",
            "binary_version": "5.01.9674+git20200806+8181039+dfsg2-2build1"
        },
        {
            "binary_name": "softether-vpnserver",
            "binary_version": "5.01.9674+git20200806+8181039+dfsg2-2build1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

sshuttle

Package

Name: sshuttle
Purl: pkg:deb/ubuntu/sshuttle@1.0.5-1ubuntu4?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.5-1ubuntu3

1.0.5-1ubuntu4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "sshuttle",
            "binary_version": "1.0.5-1ubuntu4"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

tinc

Package

Name: tinc
Purl: pkg:deb/ubuntu/tinc@1.0.36-2build1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.36-2

1.0.36-2build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "tinc",
            "binary_version": "1.0.36-2build1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

vpnc

Package

Name: vpnc
Purl: pkg:deb/ubuntu/vpnc@0.5.3+git20210125-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.5.3+git20210125-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "vpnc",
            "binary_version": "0.5.3+git20210125-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

wireguard

Package

Name: wireguard
Purl: pkg:deb/ubuntu/wireguard@1.0.20210914-1ubuntu2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.20210424-1ubuntu1

1.0.20210914-1ubuntu1

1.0.20210914-1ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "wireguard",
            "binary_version": "1.0.20210914-1ubuntu2"
        },
        {
            "binary_name": "wireguard-tools",
            "binary_version": "1.0.20210914-1ubuntu2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

Ubuntu:24.04:LTS

connman

Package

Name: connman
Purl: pkg:deb/ubuntu/connman@1.42-5build3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.41-3

1.42-1

1.42-3

1.42-5

1.42-5build2

1.42-5build3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "connman",
            "binary_version": "1.42-5build3"
        },
        {
            "binary_name": "connman-dev",
            "binary_version": "1.42-5build3"
        },
        {
            "binary_name": "connman-tests",
            "binary_version": "1.42-5build3"
        },
        {
            "binary_name": "connman-vpn",
            "binary_version": "1.42-5build3"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

golang-github-apparentlymart-go-openvpn-mgmt

Package

Name: golang-github-apparentlymart-go-openvpn-mgmt
Purl: pkg:deb/ubuntu/golang-github-apparentlymart-go-openvpn-mgmt@0.0~git20161009.9a305ae-1.1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20161009.9a305ae-1.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-github-apparentlymart-go-openvpn-mgmt-dev",
            "binary_version": "0.0~git20161009.9a305ae-1.1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

libreswan

Package

Name: libreswan
Purl: pkg:deb/ubuntu/libreswan@4.14-1ubuntu2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.11-1ubuntu1

4.12-1ubuntu1

4.14-1ubuntu1

4.14-1ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libreswan",
            "binary_version": "4.14-1ubuntu2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

n2n

Package

Name: n2n
Purl: pkg:deb/ubuntu/n2n@1.3.1~svn3789-7?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.1~svn3789-7

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "n2n",
            "binary_version": "1.3.1~svn3789-7"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-fortisslvpn

Package

Name: network-manager-fortisslvpn
Purl: pkg:deb/ubuntu/network-manager-fortisslvpn@1.4.0-1build2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.0-0.1

1.4.0-1

1.4.0-1build1

1.4.0-1build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-fortisslvpn",
            "binary_version": "1.4.0-1build2"
        },
        {
            "binary_name": "network-manager-fortisslvpn-gnome",
            "binary_version": "1.4.0-1build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-iodine

Package

Name: network-manager-iodine
Purl: pkg:deb/ubuntu/network-manager-iodine@1.2.0-3.3build2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.0-3.2

1.2.0-3.3

1.2.0-3.3build1

1.2.0-3.3build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-iodine",
            "binary_version": "1.2.0-3.3build2"
        },
        {
            "binary_name": "network-manager-iodine-gnome",
            "binary_version": "1.2.0-3.3build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-l2tp

Package

Name: network-manager-l2tp
Purl: pkg:deb/ubuntu/network-manager-l2tp@1.20.12-1build2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.20.8-1

1.20.10-1

1.20.12-1

1.20.12-1build1

1.20.12-1build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-l2tp",
            "binary_version": "1.20.12-1build2"
        },
        {
            "binary_name": "network-manager-l2tp-gnome",
            "binary_version": "1.20.12-1build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-openconnect

Package

Name: network-manager-openconnect
Purl: pkg:deb/ubuntu/network-manager-openconnect@1.2.10-3build2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-1

1.2.10-2

1.2.10-2ubuntu1

1.2.10-3

1.2.10-3build1

1.2.10-3build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-openconnect",
            "binary_version": "1.2.10-3build2"
        },
        {
            "binary_name": "network-manager-openconnect-gnome",
            "binary_version": "1.2.10-3build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-openvpn

Package

Name: network-manager-openvpn
Purl: pkg:deb/ubuntu/network-manager-openvpn@1.10.2-4build2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.10.2-3

1.10.2-4

1.10.2-4build1

1.10.2-4build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-openvpn",
            "binary_version": "1.10.2-4build2"
        },
        {
            "binary_name": "network-manager-openvpn-gnome",
            "binary_version": "1.10.2-4build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-pptp

Package

Name: network-manager-pptp
Purl: pkg:deb/ubuntu/network-manager-pptp@1.2.12-3build2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.12-2

1.2.12-3

1.2.12-3build1

1.2.12-3build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-pptp",
            "binary_version": "1.2.12-3build2"
        },
        {
            "binary_name": "network-manager-pptp-gnome",
            "binary_version": "1.2.12-3build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-sstp

Package

Name: network-manager-sstp
Purl: pkg:deb/ubuntu/network-manager-sstp@1.3.2-1build2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.1-1

1.3.1-2

1.3.2-1

1.3.2-1build1

1.3.2-1build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-sstp",
            "binary_version": "1.3.2-1build2"
        },
        {
            "binary_name": "network-manager-sstp-gnome",
            "binary_version": "1.3.2-1build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-strongswan

Package

Name: network-manager-strongswan
Purl: pkg:deb/ubuntu/network-manager-strongswan@1.6.0-3build2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.0-2.1

1.6.0-3

1.6.0-3build1

1.6.0-3build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-strongswan",
            "binary_version": "1.6.0-3build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-vpnc

Package

Name: network-manager-vpnc
Purl: pkg:deb/ubuntu/network-manager-vpnc@1.2.8-7build2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.8-5

1.2.8-7

1.2.8-7build1

1.2.8-7build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-vpnc",
            "binary_version": "1.2.8-7build2"
        },
        {
            "binary_name": "network-manager-vpnc-gnome",
            "binary_version": "1.2.8-7build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

openconnect

Package

Name: openconnect
Purl: pkg:deb/ubuntu/openconnect@9.12-1build5?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.12-1

9.12-1build1

9.12-1build3

9.12-1build4

9.12-1build5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libopenconnect-dev",
            "binary_version": "9.12-1build5"
        },
        {
            "binary_name": "libopenconnect5",
            "binary_version": "9.12-1build5"
        },
        {
            "binary_name": "openconnect",
            "binary_version": "9.12-1build5"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

openfortivpn

Package

Name: openfortivpn
Purl: pkg:deb/ubuntu/openfortivpn@1.21.0-2build2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.20.5-1

1.21.0-1

1.21.0-2

1.21.0-2build1

1.21.0-2build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openfortivpn",
            "binary_version": "1.21.0-2build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

openvpn

Package

Name: openvpn
Purl: pkg:deb/ubuntu/openvpn@2.6.14-0ubuntu0.24.04.3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.6.5-0ubuntu1

2.6.7-1ubuntu1

2.6.9-1ubuntu2

2.6.9-1ubuntu3

2.6.9-1ubuntu4

2.6.9-1ubuntu4.1

2.6.12-0ubuntu0.24.04.1

2.6.12-0ubuntu0.24.04.3

2.6.14-0ubuntu0.24.04.1

2.6.14-0ubuntu0.24.04.2

2.6.14-0ubuntu0.24.04.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openvpn",
            "binary_version": "2.6.14-0ubuntu0.24.04.3"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

pptp-linux

Package

Name: pptp-linux
Purl: pkg:deb/ubuntu/pptp-linux@1.10.0-1build4?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.10.0-1build3

1.10.0-1build4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "pptp-linux",
            "binary_version": "1.10.0-1build4"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

quicktun

Package

Name: quicktun
Purl: pkg:deb/ubuntu/quicktun@2.2.6-2build2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.6-2build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "quicktun",
            "binary_version": "2.2.6-2build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

riseup-vpn

Package

Name: riseup-vpn
Purl: pkg:deb/ubuntu/riseup-vpn@0.21.11+ds1-5ubuntu2.3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.21.11+ds1-5build1

0.21.11+ds1-5ubuntu1

0.21.11+ds1-5ubuntu2

0.21.11+ds1-5ubuntu2.1

0.21.11+ds1-5ubuntu2.2

0.21.11+ds1-5ubuntu2.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "riseup-vpn",
            "binary_version": "0.21.11+ds1-5ubuntu2.3"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

softether-vpn

Package

Name: softether-vpn
Purl: pkg:deb/ubuntu/softether-vpn@5.01.9674+git20200806+8181039+dfsg2-2build3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.01.9674+git20200806+8181039+dfsg2-2build1

5.01.9674+git20200806+8181039+dfsg2-2build2

5.01.9674+git20200806+8181039+dfsg2-2build3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "softether-common",
            "binary_version": "5.01.9674+git20200806+8181039+dfsg2-2build3"
        },
        {
            "binary_name": "softether-vpnbridge",
            "binary_version": "5.01.9674+git20200806+8181039+dfsg2-2build3"
        },
        {
            "binary_name": "softether-vpnclient",
            "binary_version": "5.01.9674+git20200806+8181039+dfsg2-2build3"
        },
        {
            "binary_name": "softether-vpncmd",
            "binary_version": "5.01.9674+git20200806+8181039+dfsg2-2build3"
        },
        {
            "binary_name": "softether-vpnserver",
            "binary_version": "5.01.9674+git20200806+8181039+dfsg2-2build3"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

sshuttle

Package

Name: sshuttle
Purl: pkg:deb/ubuntu/sshuttle@1.1.1-2ubuntu2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.5-1ubuntu4

1.1.1-2ubuntu1

1.1.1-2ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "sshuttle",
            "binary_version": "1.1.1-2ubuntu2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

tinc

Package

Name: tinc
Purl: pkg:deb/ubuntu/tinc@1.0.36-2build3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.36-2build1

1.0.36-2build2

1.0.36-2build3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "tinc",
            "binary_version": "1.0.36-2build3"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

vpnc

Package

Name: vpnc
Purl: pkg:deb/ubuntu/vpnc@0.5.3+git20220927-1build2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.5.3+git20220927-1

0.5.3+git20220927-1build1

0.5.3+git20220927-1build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "vpnc",
            "binary_version": "0.5.3+git20220927-1build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

wireguard

Package

Name: wireguard
Purl: pkg:deb/ubuntu/wireguard@1.0.20210914-1ubuntu4?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.20210914-1ubuntu3

1.0.20210914-1ubuntu4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "wireguard",
            "binary_version": "1.0.20210914-1ubuntu4"
        },
        {
            "binary_name": "wireguard-tools",
            "binary_version": "1.0.20210914-1ubuntu4"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

Ubuntu:25.04

connman

Package

Name: connman
Purl: pkg:deb/ubuntu/connman@1.43-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.42-5build4

1.43-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "connman",
            "binary_version": "1.43-1"
        },
        {
            "binary_name": "connman-dev",
            "binary_version": "1.43-1"
        },
        {
            "binary_name": "connman-tests",
            "binary_version": "1.43-1"
        },
        {
            "binary_name": "connman-vpn",
            "binary_version": "1.43-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

golang-github-apparentlymart-go-openvpn-mgmt

Package

Name: golang-github-apparentlymart-go-openvpn-mgmt
Purl: pkg:deb/ubuntu/golang-github-apparentlymart-go-openvpn-mgmt@0.0~git20161009.9a305ae-1.1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20161009.9a305ae-1.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-github-apparentlymart-go-openvpn-mgmt-dev",
            "binary_version": "0.0~git20161009.9a305ae-1.1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

libreswan

Package

Name: libreswan
Purl: pkg:deb/ubuntu/libreswan@4.14-1ubuntu2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.14-1ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libreswan",
            "binary_version": "4.14-1ubuntu2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

n2n

Package

Name: n2n
Purl: pkg:deb/ubuntu/n2n@1.3.1~svn3789-7?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.1~svn3789-7

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "n2n",
            "binary_version": "1.3.1~svn3789-7"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-fortisslvpn

Package

Name: network-manager-fortisslvpn
Purl: pkg:deb/ubuntu/network-manager-fortisslvpn@1.4.0-1.1build3?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.0-1.1build1

1.4.0-1.1build2

1.4.0-1.1build3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-fortisslvpn",
            "binary_version": "1.4.0-1.1build3"
        },
        {
            "binary_name": "network-manager-fortisslvpn-gnome",
            "binary_version": "1.4.0-1.1build3"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-iodine

Package

Name: network-manager-iodine
Purl: pkg:deb/ubuntu/network-manager-iodine@1.2.0-3.3build2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.0-3.3build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-iodine",
            "binary_version": "1.2.0-3.3build2"
        },
        {
            "binary_name": "network-manager-iodine-gnome",
            "binary_version": "1.2.0-3.3build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-l2tp

Package

Name: network-manager-l2tp
Purl: pkg:deb/ubuntu/network-manager-l2tp@1.20.20-2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.20.16-1build1

1.20.16-1build2

1.20.20-1

1.20.20-1build1

1.20.20-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-l2tp",
            "binary_version": "1.20.20-2"
        },
        {
            "binary_name": "network-manager-l2tp-gnome",
            "binary_version": "1.20.20-2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-openconnect

Package

Name: network-manager-openconnect
Purl: pkg:deb/ubuntu/network-manager-openconnect@1.2.10-3build2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-3build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-openconnect",
            "binary_version": "1.2.10-3build2"
        },
        {
            "binary_name": "network-manager-openconnect-gnome",
            "binary_version": "1.2.10-3build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-openvpn

Package

Name: network-manager-openvpn
Purl: pkg:deb/ubuntu/network-manager-openvpn@1.12.0-2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.12.0-1

1.12.0-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-openvpn",
            "binary_version": "1.12.0-2"
        },
        {
            "binary_name": "network-manager-openvpn-gnome",
            "binary_version": "1.12.0-2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-pptp

Package

Name: network-manager-pptp
Purl: pkg:deb/ubuntu/network-manager-pptp@1.2.12-4build2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.12-4

1.2.12-4build1

1.2.12-4build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-pptp",
            "binary_version": "1.2.12-4build2"
        },
        {
            "binary_name": "network-manager-pptp-gnome",
            "binary_version": "1.2.12-4build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-sstp

Package

Name: network-manager-sstp
Purl: pkg:deb/ubuntu/network-manager-sstp@1.3.2-1build5?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.2-1build3

1.3.2-1build4

1.3.2-1build5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-sstp",
            "binary_version": "1.3.2-1build5"
        },
        {
            "binary_name": "network-manager-sstp-gnome",
            "binary_version": "1.3.2-1build5"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-strongswan

Package

Name: network-manager-strongswan
Purl: pkg:deb/ubuntu/network-manager-strongswan@1.6.2-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.0-3build2

1.6.1-2

1.6.2-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-strongswan",
            "binary_version": "1.6.2-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

network-manager-vpnc

Package

Name: network-manager-vpnc
Purl: pkg:deb/ubuntu/network-manager-vpnc@1.4.0-2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.8-8

1.4.0-1

1.4.0-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "network-manager-vpnc",
            "binary_version": "1.4.0-2"
        },
        {
            "binary_name": "network-manager-vpnc-gnome",
            "binary_version": "1.4.0-2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

openconnect

Package

Name: openconnect
Purl: pkg:deb/ubuntu/openconnect@9.12-3?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.12-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libopenconnect-dev",
            "binary_version": "9.12-3"
        },
        {
            "binary_name": "libopenconnect5",
            "binary_version": "9.12-3"
        },
        {
            "binary_name": "openconnect",
            "binary_version": "9.12-3"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

openfortivpn

Package

Name: openfortivpn
Purl: pkg:deb/ubuntu/openfortivpn@1.23.1-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.22.1-1

1.23.1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openfortivpn",
            "binary_version": "1.23.1-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

openvpn

Package

Name: openvpn
Purl: pkg:deb/ubuntu/openvpn@2.6.14-0ubuntu0.25.04.3?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.6.12-1ubuntu1

2.6.13-1ubuntu1

2.6.13-1ubuntu2

2.6.13-1ubuntu3

2.6.14-0ubuntu0.25.04.1

2.6.14-0ubuntu0.25.04.2

2.6.14-0ubuntu0.25.04.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openvpn",
            "binary_version": "2.6.14-0ubuntu0.25.04.3"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

pptp-linux

Package

Name: pptp-linux
Purl: pkg:deb/ubuntu/pptp-linux@1.10.0-2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.10.0-1build4

1.10.0-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "pptp-linux",
            "binary_version": "1.10.0-2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

quicktun

Package

Name: quicktun
Purl: pkg:deb/ubuntu/quicktun@2.2.6-2build2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.6-2build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "quicktun",
            "binary_version": "2.2.6-2build2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

riseup-vpn

Package

Name: riseup-vpn
Purl: pkg:deb/ubuntu/riseup-vpn@0.24.10+ds1-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.24.5+ds1-2

0.24.8+ds2-1

0.24.8+ds2-2

0.24.10+ds1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "riseup-vpn",
            "binary_version": "0.24.10+ds1-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

softether-vpn

Package

Name: softether-vpn
Purl: pkg:deb/ubuntu/softether-vpn@5.01.9674+git20200806+8181039+dfsg3-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.01.9674+git20200806+8181039+dfsg3-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "softether-common",
            "binary_version": "5.01.9674+git20200806+8181039+dfsg3-1"
        },
        {
            "binary_name": "softether-vpnbridge",
            "binary_version": "5.01.9674+git20200806+8181039+dfsg3-1"
        },
        {
            "binary_name": "softether-vpnclient",
            "binary_version": "5.01.9674+git20200806+8181039+dfsg3-1"
        },
        {
            "binary_name": "softether-vpncmd",
            "binary_version": "5.01.9674+git20200806+8181039+dfsg3-1"
        },
        {
            "binary_name": "softether-vpnserver",
            "binary_version": "5.01.9674+git20200806+8181039+dfsg3-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

sshuttle

Package

Name: sshuttle
Purl: pkg:deb/ubuntu/sshuttle@1.1.1-2ubuntu2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.1-2ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "sshuttle",
            "binary_version": "1.1.1-2ubuntu2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

tinc

Package

Name: tinc
Purl: pkg:deb/ubuntu/tinc@1.0.36-2.1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.36-2.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "tinc",
            "binary_version": "1.0.36-2.1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

vpnc

Package

Name: vpnc
Purl: pkg:deb/ubuntu/vpnc@0.5.3+git20241126-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.5.3+git20240226-2

0.5.3+git20241126-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "vpnc",
            "binary_version": "0.5.3+git20241126-1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

wireguard

Package

Name: wireguard
Purl: pkg:deb/ubuntu/wireguard@1.0.20210914-1.1ubuntu2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.20210914-1.1ubuntu1

1.0.20210914-1.1ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "wireguard",
            "binary_version": "1.0.20210914-1.1ubuntu2"
        },
        {
            "binary_name": "wireguard-tools",
            "binary_version": "1.0.20210914-1.1ubuntu2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

Ubuntu:Pro:14.04:LTS

openvpn

Package

Name: openvpn
Purl: pkg:deb/ubuntu/openvpn@2.3.2-7ubuntu3.2+esm2?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.2-4ubuntu1

2.3.2-5ubuntu1

2.3.2-7ubuntu1

2.3.2-7ubuntu2

2.3.2-7ubuntu3

2.3.2-7ubuntu3.1

2.3.2-7ubuntu3.2

2.3.2-7ubuntu3.2+esm1

2.3.2-7ubuntu3.2+esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openvpn",
            "binary_version": "2.3.2-7ubuntu3.2+esm2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

Ubuntu:Pro:16.04:LTS

openvpn

Package

Name: openvpn
Purl: pkg:deb/ubuntu/openvpn@2.3.10-1ubuntu2.2+esm2?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.7-1ubuntu1

2.3.7-2ubuntu1

2.3.8-1ubuntu1

2.3.10-1ubuntu1

2.3.10-1ubuntu2

2.3.10-1ubuntu2.1

2.3.10-1ubuntu2.2

2.3.10-1ubuntu2.2+esm1

2.3.10-1ubuntu2.2+esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openvpn",
            "binary_version": "2.3.10-1ubuntu2.2+esm2"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

connman

Package

Name: connman
Purl: pkg:deb/ubuntu/connman@1.21-1.2+deb8u1ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.21-1.2

1.21-1.2build1

1.21-1.2build2

1.21-1.2+deb8u1build0.16.04.1

1.21-1.2+deb8u1ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "connman",
            "binary_version": "1.21-1.2+deb8u1ubuntu0.1~esm1"
        },
        {
            "binary_name": "connman-dev",
            "binary_version": "1.21-1.2+deb8u1ubuntu0.1~esm1"
        },
        {
            "binary_name": "connman-vpn",
            "binary_version": "1.21-1.2+deb8u1ubuntu0.1~esm1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

Ubuntu:Pro:18.04:LTS

openvpn

Package

Name: openvpn
Purl: pkg:deb/ubuntu/openvpn@2.4.4-2ubuntu1.7+esm1?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.3-4ubuntu1

2.4.4-1ubuntu1

2.4.4-2ubuntu1

2.4.4-2ubuntu1.1

2.4.4-2ubuntu1.2

2.4.4-2ubuntu1.3

2.4.4-2ubuntu1.5

2.4.4-2ubuntu1.6

2.4.4-2ubuntu1.7

2.4.4-2ubuntu1.7+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openvpn",
            "binary_version": "2.4.4-2ubuntu1.7+esm1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"

connman

Package

Name: connman
Purl: pkg:deb/ubuntu/connman@1.35-6ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.35-1

1.35-2

1.35-6

1.35-6ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "connman",
            "binary_version": "1.35-6ubuntu0.1~esm1"
        },
        {
            "binary_name": "connman-dev",
            "binary_version": "1.35-6ubuntu0.1~esm1"
        },
        {
            "binary_name": "connman-vpn",
            "binary_version": "1.35-6ubuntu0.1~esm1"
        }
    ],
    "priority_reason": "An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-3661.json"