
4 severe remote + several minor OpenVPN vulnerabilities

High
Internet Bug Bounty
Submitted None
Reported by guido

Vulnerability Details

Technical details and impact analysis

CVE-2017-7521 Remote server crashes/double-free/memory leaks in certificate processing

CVE-2017-7520 Remote (including MITM) client crash, data leak

CVE-2017-7508 Remote server crash (forced assertion failure)

CVE-2017-7522 Crash mbed TLS/PolarSSL-based server

(no cve) Remote/mitm Null-pointer dereference in establish_http_proxy_passthru()

(no cve) Stack buffer overflow if long --tls-cipher is given

(no cve) Remote (including MITM) client stack buffer corruption

https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243

https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/

Related CVEs

Associated Common Vulnerabilities and Exposures

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and a double-free issue in extract_x509_extension().

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly a sensitive memory leak triggered by a man-in-the-middle attacker.

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by an authenticated remote attacker via sending a certificate with an embedded NULL character.

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving a malformed IPv6 packet.

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted