|Type||Arbitrary code execution|
A use-after-free has been found in OpenVPN < 2.4.3. The issue is caused by extract_x509_extension() not checking the return value of ASN1_STRING_to_UTF8(), and using then freeing a memory allocation that has already been freed if it failed. The issue requires the use of the --x509-alt-username option with an x509 extension, and is very unlikely to be triggered unless the remote peer can make the local process run out of memory.
|22 Jun 2017||ASA-201706-27||AVG-318||openvpn||Critical||multiple issues|