DEBIAN-CVE-2016-6329

DEBIAN-CVE-2016-6329 REJECTED CVSS 5.900000095367432 MEDIUM

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.

Risk Scores

CVSS v3.0

5.900000095367432

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:11	openvpn	2.6.0~git20220811-1, 0, 2.5.1-3
Debian:12	openvpn	2.6.3-1+deb12u2, 2.6.13-1, 2.6.14-1
Debian:13	openvpn	2.7.0, 0, 2.6.14-1
Debian:14	openvpn	0, 2.6.14-1, 2.6.14-2

Timeline

Apr 11, 2025 PoC Published
Dec 8, 2025 CVE Rejected

References

https://security-tracker.debian.org/tracker/CVE-2016-6329 advisory

Open in Interactive Console →