openvpn

Description: An easy-to-use, robust and highly configurable VPN (Virtual Private Network)
Version: 2.4.6-1 [core]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-420 | 2.4.3-3 | 2.4.4-1 | Medium | Fixed | |
| AVG-319 | 2.4.2-1 | 2.4.3-1 | Medium | Not affected | |
| AVG-318 | 2.4.2-1 | 2.4.3-1 | Critical | Fixed | |
| AVG-271 | 2.4.1-2 | 2.4.2-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-7522 | AVG-319 | Medium | Yes | Denial of service | A post-authentication remote DoS has been found in OpenVPN >= 2.4 and < 2.4.3, allowing a client to crash a server by sending a crafted certificate with an... |
| CVE-2017-7521 | AVG-318 | High | Yes | Arbitrary code execution | A use-after-free has been found in OpenVPN < 2.4.3. The issue is caused by extract_x509_extension() not checking the return value of ASN1_STRING_to_UTF8(),... |
| CVE-2017-7520 | AVG-318 | Critical | Yes | Information disclosure | A pre-authentication remote crash/information disclosure vulnerability has been discovered in OpenVPN < 2.4.3. If the client uses a HTTP proxy with NTLM... |
| CVE-2017-7512 | AVG-318 | High | Yes | Denial of service | A remote denial of service has been found in OpenVPN < 2.4.3. A remote client can exploit a memory leak in the server's certificate parsing code to make it... |
| CVE-2017-7508 | AVG-318 | High | Yes | Denial of service | A remote denial of service has been found in OpenVPN < 2.4.3, allowing a remote client to crash a server by sending a malformed IPv6 packet. The issue... |
| CVE-2017-7479 | AVG-271 | Medium | Yes | Denial of service | A security issue has been found in OpenVPN <= 2.4.1 where an authenticated attacker can crash a server using an AEAD mode cipher by sending crafted data to... |
| CVE-2017-7478 | AVG-271 | High | Yes | Denial of service | A security issue has been found in OpenVPN <= 2.4.1 where an unauthenticated attacker can send a packet with an unexpected payload size during SSL... |
| CVE-2017-12166 | AVG-420 | Medium | Yes | Arbitrary code execution | The bounds check in the read_key() function in OpenVPN before 2.4.4 and 2.3.18 was performed after using the value, instead of before. If 'key-method 1' is... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 28 Sep 2017 | ASA-201709-21 | AVG-420 | Medium | arbitrary code execution |
| 22 Jun 2017 | ASA-201706-27 | AVG-318 | Critical | multiple issues |
| 13 May 2017 | ASA-201705-16 | AVG-271 | High | denial of service |