A post-authentication remote DoS has been found in OpenVPN >= 2.4 and < 2.4.3, allowing a client to crash a server by sending a crafted certificate with an embedded NUL character. The issue requires the OpenVPN server to be built against mbedtls and to use the --x509-track option.
A post-authentication remote DoS has been found in OpenVPN >= 2.4 and < 2.4.3, allowing a client to crash a server by sending a crafted certificate with an embedded NUL character. The issue requires the OpenVPN server to be built against mbedtls and to use the --x509-track option.
https://github.com/OpenVPN/openvpn/commit/426392940c