OpenVPN versions prior to 2.4.3 and prior to 2.3.17 are vulnerable to remote denial-of-service when receiving a malformed IPv6 packet.
Vulnerable Product |
---|
openvpn openvpn |
openvpn openvpn 2.4.1 |
openvpn openvpn 2.4.2 |
openvpn openvpn 2.4.0 |
Patches for servers and clients already out there – get updating just in case
OpenVPN has patched a bunch of security vulnerabilities that can be exploited to crash the service or, at a pinch, potentially gain remote-code execution. You should update your installations to versions 2.4.3 or 2.3.17 as soon as you can just to be on the safe side. The four holes were found by Guido Vranken, who took a fuzzer to the widely used VPN software, and worked independently of the OpenVPN team's big code audit this year. He published his findings on Wednesday. First in the list is CVE...