CVE-2017-7508

Source
Severity High
Remote Yes
Type Denial of service
Description
A remote denial of service has been found in OpenVPN < 2.4.3, allowing a remote client to crash a server by sending a malformed IPv6 packet. The issue requires IPv6 and the --mssfix option to be enabled, and knowledge of the IPv6 networks used inside the VPN.
Group Package Affected Fixed Severity Status Ticket
AVG-318 openvpn 2.4.2-1 2.4.3-1 Critical Fixed
Date Advisory Group Package Severity Description
22 Jun 2017 ASA-201706-27 AVG-318 openvpn Critical multiple issues
References
https://github.com/OpenVPN/openvpn/commit/c3f47077a7