CVE-2017-7512

Source
Severity High
Remote Yes
Type Denial of service
Description
A remote denial of service has been found in OpenVPN < 2.4.3. A remote client can exploit a memory leak in the server's certificate parsing code to make it leak a few bytes of memory for each connection attempt, causing it to run out of memory.
Group Package Affected Fixed Severity Status Ticket
AVG-318 openvpn 2.4.2-1 2.4.3-1 Critical Fixed
Date Advisory Group Package Severity Description
22 Jun 2017 ASA-201706-27 AVG-318 openvpn Critical multiple issues
References
https://github.com/OpenVPN/openvpn/commit/2341f71619
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243