---

CVE-2017-7522 - log back

CVE-2017-7522 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Denial of service
Description	+ A post-authentication remote DoS has been found in OpenVPN >= 2.4 and < 2.4.3, allowing a client to crash a server by sending a crafted certificate with an embedded NUL character. The issue requires the OpenVPN server to be built against mbedtls and to use the --x509-track option.
References	+ https://github.com/OpenVPN/openvpn/commit/426392940c
Notes