CVE-2017-7508

Published: 27/06/2017 Updated: 03/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

OpenVPN versions prior to 2.4.3 and prior to 2.3.17 are vulnerable to remote denial-of-service when receiving a malformed IPv6 packet.

Vulnerable Product

openvpn openvpn

openvpn openvpn 2.4.1

openvpn openvpn 2.4.2

openvpn openvpn 2.4.0

Vendor Advisories

Debian Bug report logs - #865480 openvpn: CVE-2017-7508 CVE-2017-7520 CVE-2017-7521. Package: src:openvpn; Maintainer for src:openvpn is Bernhard Schmidt <berni@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 21 Jun 2017 20:00:02 UTC; Severity: grave; Tags: security, upstream; Found in vers ...
Several security issues were fixed in OpenVPN ...
Several issues were discovered in openvpn, a virtual private network application. CVE-2017-7479: It was discovered that openvpn did not properly handle the rollover of packet identifiers. This would allow an authenticated remote attacker to cause a denial-of-service via application crash. CVE-2017-7508: Guido Vranken discovered t ...
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving a malformed IPv6 packet (CVE-2017-7508). OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by an authenticated remote attacker via sending a certificate with an embedded NULL character (CVE-2017-7522). OpenVPN versi ...
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving a malformed IPv6 packet ...
A remote denial of service has been found in OpenVPN < 2.4.3, allowing a remote client to crash a server by sending a malformed IPv6 packet. The issue requires IPv6 and the --mssfix option to be enabled, and knowledge of the IPv6 networks used inside the VPN ...

Recent Articles

Researcher calls the fuzz on OpenVPN, uncovers crashy vulns
The Register • Richard Chirgwin • 22 Jun 2017

Patches for servers and clients already out there – get updating just in case

OpenVPN has patched a bunch of security vulnerabilities that can be exploited to crash the service or, at a pinch, potentially gain remote-code execution. You should update your installations to versions 2.4.3 or 2.3.17 as soon as you can just to be on the safe side. The four holes were found by Guido Vranken, who took a fuzzer to the widely used VPN software, and worked independently of the OpenVPN team's big code audit this year. He published his findings on Wednesday. First in the list is CVE...