Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-7478  

A security issue has been found in OpenVPN <= 2.4.1 where an unauthenticated attacker can send a packet with an unexpected payload size during SSL handshake, causing a server shutdown. Servers using tls-auth are protected against this attack as packets with an invalid HMAC are discarded before being processed by the vulnerable code.

Source
Severity High

Remote Yes

Type Denial of service

Description 

A security issue has been found in OpenVPN <= 2.4.1 where an unauthenticated attacker can send a packet with an unexpected payload size during SSL handshake, causing a server shutdown. Servers using tls-auth are protected against this attack as packets with an invalid HMAC are discarded before being processed by the vulnerable code.

AVG-271 openvpn 2.4.1-2 2.4.2-1 High Fixed

13 May 2017 ASA-201705-16 AVG-271 openvpn High denial of service 

https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
https://ostif.org/the-openvpn-2-4-0-audit-by-ostif-and-quarkslab-results/
http://blog.quarkslab.com/security-assessment-of-openvpn.html

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started