Published: 15/05/2017 Updated: 03/10/2019

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

OpenVPN versions prior to 2.3.15 and prior to 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openvpn openvpn
openvpn openvpn 2.4.0
openvpn openvpn 2.4.1

Debian Bug report logs - #865480 openvpn: CVE-2017-7508 CVE-2017-7520 CVE-2017-7521 Package: src:openvpn; Maintainer for src:openvpn is Bernhard Schmidt <berni@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 21 Jun 2017 20:00:02 UTC Severity: grave Tags: security, upstream Found in vers ...

Several security issues were fixed in OpenVPN ...

Several issues were discovered in openvpn, a virtual private network application CVE-2017-7479 It was discovered that openvpn did not properly handle the rollover of packet identifiers This would allow an authenticated remote attacker to cause a denial-of-service via application crash CVE-2017-7508 Guido Vranken discovered t ...

A security issue has been found in OpenVPN <= 241 where an authenticated attacker can crash a server using an AEAD mode cipher by sending crafted data to exhaust the packet counter ...

CWE-617 https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits http://www.securityfocus.com/bid/98443 http://www.securitytracker.com/id/1038473 http://www.debian.org/security/2017/dsa-3900 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865480 https://nvd.nist.gov https://usn.ubuntu.com/3284-1/

CVE-2017-7479

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect