{"id":"CVE-2016-6329","details":"OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack.","modified":"2026-03-20T11:12:52.247101Z","published":"2017-01-31T22:59:00.377Z","related":["MGASA-2016-0304","SUSE-SU-2017:1622-1","SUSE-SU-2017:2838-1"],"references":[{"type":"WEB","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"},{"type":"ADVISORY","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21991482"},{"type":"ADVISORY","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21995039"},{"type":"ADVISORY","url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201611-02"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/92631"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1036695"},{"type":"ADVISORY","url":"https://community.openvpn.net/openvpn/wiki/SWEET32"},{"type":"ADVISORY","url":"https://sweet32.info/"},{"type":"REPORT","url":"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openvpn/openvpn","events":[{"introduced":"0"},{"last_affected":"117dadc02d163a3e93c28ef7bd296c8dfa1f6156"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.3.14"}]}}],"versions":["contains","v2.1.0","v2.1.1","v2.1.2","v2.1.3","v2.1_rc1","v2.1_rc10","v2.1_rc11","v2.1_rc12","v2.1_rc13","v2.1_rc14","v2.1_rc15","v2.1_rc16","v2.1_rc17","v2.1_rc18","v2.1_rc19","v2.1_rc2","v2.1_rc20","v2.1_rc21","v2.1_rc22","v2.1_rc3","v2.1_rc4","v2.1_rc5","v2.1_rc6","v2.1_rc7","v2.1_rc8","v2.1_rc9","v2.2-RC","v2.2-RC2","v2.2-beta4","v2.2-beta5","v2.3-alpha1","v2.3.0","v2.3.1","v2.3.10","v2.3.11","v2.3.12","v2.3.13","v2.3.14","v2.3.2","v2.3.3","v2.3.4","v2.3.5","v2.3.6","v2.3.7","v2.3.8","v2.3.9","v2.3_alpha2","v2.3_alpha3","v2.3_beta1","v2.3_rc1","v2.3_rc2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6329.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}