CVE-2017-7521

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
A use-after-free has been found in OpenVPN < 2.4.3. The issue is caused by extract_x509_extension() not checking the return value of ASN1_STRING_to_UTF8(), and using then freeing a memory allocation that has already been freed if it failed. The issue requires the use of the --x509-alt-username option with an x509 extension, and is very unlikely to be triggered unless the remote peer can make the local process run out of memory.
Group Package Affected Fixed Severity Status Ticket
AVG-318 openvpn 2.4.2-1 2.4.3-1 Critical Fixed
Date Advisory Group Package Severity Description
22 Jun 2017 ASA-201706-27 AVG-318 openvpn Critical multiple issues
References
https://github.com/OpenVPN/openvpn/commit/cb4e35ece4
https://github.com/OpenVPN/openvpn/commit/2d032c7fcd