AVG-420

Package openvpn
Status Fixed
Severity Medium
Type arbitrary code execution
Affected 2.4.3-3
Fixed 2.4.4-1
Current 2.4.6-1 [core]
Ticket None
Created Wed Sep 27 13:16:55 2017
Issue Severity Remote Type Description
CVE-2017-12166 Medium Yes Arbitrary code execution
The bounds check in the read_key() function in OpenVPN before 2.4.4 and 2.3.18 was performed after using the value, instead of before.  If 'key-method 1' is...
Date Advisory Package Description
28 Sep 2017 ASA-201709-21 openvpn arbitrary code execution