| CVE-2017-7521 |
High |
Yes |
Arbitrary code execution |
A use-after-free has been found in OpenVPN < 2.4.3. The issue is caused by extract_x509_extension() not checking the return value of ASN1_STRING_to_UTF8(),... |
| CVE-2017-7520 |
Critical |
Yes |
Information disclosure |
A pre-authentication remote crash/information disclosure vulnerability has been discovered in OpenVPN < 2.4.3. If the client uses a HTTP proxy with NTLM... |
| CVE-2017-7512 |
High |
Yes |
Denial of service |
A remote denial of service has been found in OpenVPN < 2.4.3. A remote client can exploit a memory leak in the server's certificate parsing code to make it... |
| CVE-2017-7508 |
High |
Yes |
Denial of service |
A remote denial of service has been found in OpenVPN < 2.4.3, allowing a remote client to crash a server by sending a malformed IPv6 packet. The issue... |