DEBIAN-CVE-2016-6329

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2016-6329
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2016-6329.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2016-6329
Upstream
Published
2017-01-31T22:59:00Z
Modified
2025-09-30T05:10:04.928652Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.

References

Affected packages

Debian:11 / openvpn

Package

Name
openvpn
Purl
pkg:deb/debian/openvpn?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.5.1-3
2.5.1-3+deb11u1
2.5.1-3+deb11u2
2.5.5-1
2.5.6-1
2.6.0~git20220317+dco-1
2.6.0~git20220510+dco-1
2.6.0~git20220518+dco-1
2.6.0~git20220518+dco-2
2.6.0~git20220518+dco-3
2.6.0~git20220808-1
2.6.0~git20220811-1
2.6.0~git20220811-2
2.6.0~git20220818-1
2.6.0~git20221116-1
2.6.0~git20221201-1
2.6.0~git20221215+beta2-1
2.6.0~git20221222-1
2.6.0~rc1-1~bpo11+1
2.6.0~rc1-1
2.6.0~rc2-1
2.6.0-1~bpo11+1
2.6.0-1
2.6.1-1~exp1
2.6.1-1
2.6.2-1~exp1
2.6.2-1~exp2
2.6.3-1~bpo11+1
2.6.3-1
2.6.3-2
2.6.3-2.1
2.6.7-1
2.6.9-1
2.6.11-1
2.6.12-1
2.6.13-1
2.6.14-1
2.6.14-2
2.7.0~alpha1-1
2.7.0~alpha2-1
2.7.0~alpha3-1
2.7.0~beta1-1
2.7.0~beta2-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:12 / openvpn

Package

Name
openvpn
Purl
pkg:deb/debian/openvpn?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.6.3-1
2.6.3-1+deb12u1~bpo11+1
2.6.3-1+deb12u1
2.6.3-1+deb12u2~bpo11+1
2.6.3-1+deb12u2
2.6.3-1+deb12u3
2.6.3-2
2.6.3-2.1
2.6.7-1
2.6.9-1
2.6.11-1
2.6.12-1
2.6.13-1
2.6.14-1
2.6.14-2
2.7.0~alpha1-1
2.7.0~alpha2-1
2.7.0~alpha3-1
2.7.0~beta1-1
2.7.0~beta2-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:13 / openvpn

Package

Name
openvpn
Purl
pkg:deb/debian/openvpn?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.6.14-1
2.6.14-2
2.7.0~alpha1-1
2.7.0~alpha2-1
2.7.0~alpha3-1
2.7.0~beta1-1
2.7.0~beta2-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:14 / openvpn

Package

Name
openvpn
Purl
pkg:deb/debian/openvpn?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.6.14-1
2.6.14-2
2.7.0~alpha1-1
2.7.0~alpha2-1
2.7.0~alpha3-1
2.7.0~beta1-1
2.7.0~beta2-1

Ecosystem specific 

{
    "urgency": "unimportant"
}