{"api_version":"1","generated_at":"2026-04-23T08:15:25+00:00","cve":"CVE-2020-11810","urls":{"html":"https://cve.report/CVE-2020-11810","api":"https://cve.report/api/cve/CVE-2020-11810.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-11810","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-11810"},"summary":{"title":"CVE-2020-11810","description":"An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-04-27 15:15:00","updated_at":"2023-11-07 03:15:00"},"problem_types":["CWE-362"],"metrics":[],"references":[{"url":"https://community.openvpn.net/openvpn/ticket/1272","name":"https://community.openvpn.net/openvpn/ticket/1272","refsource":"CONFIRM","tags":["Exploit","Vendor Advisory"],"title":"#1272 (One client kills other client session via false client floating)\n     – OpenVPN Community","mime":"text/html","httpstatus":"503","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JII7RYYYRBPQNEGGVSOXCM7JUZ43T3VH/","name":"FEDORA-2020-969414e05b","refsource":"","tags":[],"title":"[SECURITY] Fedora 30 Update: openvpn-2.4.9-1.fc30 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab","name":"https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"Fix illegal client float (CVE-2020-11810) · OpenVPN/openvpn@37bc691 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGHHV4YZANZW45KZTJJGVGPFMSXYRCKZ/","name":"FEDORA-2020-c1cb4ebcd9","refsource":"FEDORA","tags":["Mailing List","Patch","Third Party Advisory"],"title":"[SECURITY] Fedora 32 Update: openvpn-2.4.9-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1169925","name":"https://bugzilla.suse.com/show_bug.cgi?id=1169925","refsource":"CONFIRM","tags":["Issue Tracking","Third Party Advisory"],"title":"Bug 1169925 – VUL-1: CVE-2020-11810: openvpn: race condition between allocating peer-id and initializing data channel key","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security-tracker.debian.org/tracker/CVE-2020-11810","name":"https://security-tracker.debian.org/tracker/CVE-2020-11810","refsource":"MISC","tags":["Third Party Advisory"],"title":"CVE-2020-11810","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JII7RYYYRBPQNEGGVSOXCM7JUZ43T3VH/","name":"FEDORA-2020-969414e05b","refsource":"FEDORA","tags":["Mailing List","Patch","Third Party Advisory"],"title":"[SECURITY] Fedora 30 Update: openvpn-2.4.9-1.fc30 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html","name":"[debian-lts-announce] 20220503 [SECURITY] [DLA 2992-1] openvpn security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2992-1] openvpn security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://patchwork.openvpn.net/patch/1079/","name":"https://patchwork.openvpn.net/patch/1079/","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"[Openvpn-devel,v2] Fix illegal client float - Patchwork","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGHHV4YZANZW45KZTJJGVGPFMSXYRCKZ/","name":"FEDORA-2020-c1cb4ebcd9","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: openvpn-2.4.9-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-11810","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11810","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"11810","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11810","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11810","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11810","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11810","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11810","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11810","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"30","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11810","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11810","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"30","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11810","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11810","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openvpn","cpe5":"openvpn","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11810","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openvpn","cpe5":"openvpn","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-11810","qid":"174999","title":"SUSE Enterprise Linux Security Update for openvpn (SUSE-SU-2021:1577-1)"},{"cve":"CVE-2020-11810","qid":"179259","title":"Debian Security Update for Open Virtual Private Network (OpenVPN) (DLA 2992-1)"},{"cve":"CVE-2020-11810","qid":"198352","title":"Ubuntu Security Notification for OpenVPN vulnerabilities (USN-4933-1)"},{"cve":"CVE-2020-11810","qid":"500504","title":"Alpine Linux Security Update for Open Virtual Private Network (OpenVPN)"},{"cve":"CVE-2020-11810","qid":"500572","title":"Alpine Linux Security Update for Open Virtual Private Network (OpenVPN)"},{"cve":"CVE-2020-11810","qid":"500771","title":"Alpine Linux Security Update for openvpn"},{"cve":"CVE-2020-11810","qid":"501171","title":"Alpine Linux Security Update for openvpn"},{"cve":"CVE-2020-11810","qid":"504261","title":"Alpine Linux Security Update for openvpn"},{"cve":"CVE-2020-11810","qid":"750210","title":"OpenSUSE Security Update for openvpn (openSUSE-SU-2021:0734-1)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-11810","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab","url":"https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab"},{"refsource":"MISC","name":"https://security-tracker.debian.org/tracker/CVE-2020-11810","url":"https://security-tracker.debian.org/tracker/CVE-2020-11810"},{"refsource":"CONFIRM","name":"https://bugzilla.suse.com/show_bug.cgi?id=1169925","url":"https://bugzilla.suse.com/show_bug.cgi?id=1169925"},{"refsource":"CONFIRM","name":"https://community.openvpn.net/openvpn/ticket/1272","url":"https://community.openvpn.net/openvpn/ticket/1272"},{"refsource":"CONFIRM","name":"https://patchwork.openvpn.net/patch/1079/","url":"https://patchwork.openvpn.net/patch/1079/"},{"refsource":"FEDORA","name":"FEDORA-2020-c1cb4ebcd9","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGHHV4YZANZW45KZTJJGVGPFMSXYRCKZ/"},{"refsource":"FEDORA","name":"FEDORA-2020-969414e05b","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JII7RYYYRBPQNEGGVSOXCM7JUZ43T3VH/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20220503 [SECURITY] [DLA 2992-1] openvpn security update","url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html"}]}},"nvd":{"publishedDate":"2020-04-27 15:15:00","lastModifiedDate":"2023-11-07 03:15:00","problem_types":["CWE-362"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW","baseScore":3.7,"baseSeverity":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.0","versionEndExcluding":"2.4.9","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"11810","Ordinal":"172635","Title":"CVE-2020-11810","CVE":"CVE-2020-11810","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"11810","Ordinal":"1","NoteData":"An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"11810","Ordinal":"2","NoteData":"2020-04-27","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"11810","Ordinal":"3","NoteData":"2020-05-03","Type":"Other","Title":"Modified"}]}}}