CVE-2017-7478

Published: 15/05/2017 Updated: 16/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

OpenVPN version 2.3.12 and newer is vulnerable to an unauthenticated denial of service of the server via a received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

Vulnerable Products

openvpn openvpn 2.3.12

openvpn openvpn 2.3.14

openvpn openvpn 2.4.0

openvpn openvpn 2.3.13

openvpn openvpn 2.4.1

Vendor Advisories

Several security issues were fixed in OpenVPN ...
A security issue has been found in OpenVPN <= 2.4.1 where an unauthenticated attacker can send a packet with an unexpected payload size during SSL handshake, causing a server shutdown. Servers using tls-auth are protected against this attack, as packets with an invalid HMAC are discarded before being processed by the vulnerable code ...

Exploits

#!/usr/bin/env python3
'''
$ ./dos_server.py &
$ sudo ./openvpn-2.4.0/src/openvpn/openvpn conf/server-tls.conf
Fri Feb 24 10:19:19 2017 1921681491:64249 TLS: Initial packet from [AF_INET]1921681491:64249, sid=9a6c48a6 1467f5e1
Fri Feb 24 10:19:19 2017 1921681491:64249 Assertion failed at ssl.c:3711 (buf_copy(in, buf))
Fri Feb 24 10 ...

Recent Articles

Good news, OpenVPN fans: Your software's only a little bit buggy
The Register • Richard Chirgwin • 16 May 2017

Two code reviews give crypto client nearly clean bill of health

The venerable OpenVPN client has been given a mostly clean bill of health. Between December and February, a team led by Johns Hopkins University crypto-boffin Dr Matthew Green has been auditing OpenVPN 2.4's code. The review, paid for by Private Internet Access (which uses the software), has been published. While all software has bugs, the most important part of the verdict is that the review found “no major vulnerabilities”. Apparently, the project offers a bit of a tutorial for how to deve...