CVE-2017-12166

Опубликовано: 04 окт. 2017

Источник: debian

EPSS Низкий

Описание

OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
openvpn	fixed	2.4.4-1		package
openvpn	no-dsa		jessie	package
openvpn	no-dsa		wheezy	package

Примечания

https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
https://www.openwall.com/lists/oss-security/2017/09/28/2
https://community.openvpn.net/openvpn/changeset/3b1a61e9fb27213c46f76312f4065816bee8ed01/ (master)
https://community.openvpn.net/openvpn/changeset/c7e259160b28e94e4ea7f0ef767f8134283af255/ (release/2.4)
https://community.openvpn.net/openvpn/changeset/fce34375295151f548a26c2d0eb30141e427c81a/ (release/2.3)
https://community.openvpn.net/openvpn/changeset/a9f5c744d6b09f2495ca48d2c926efd3a4b981e6/ (release/2.2)

EPSS

Процентиль: 89%

0.05144

Низкий

Связанные уязвимости

CVE-2017-12166

CVSS3: 9.8

ubuntu

больше 7 лет назад

OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.

CVE-2017-12166

CVSS3: 9.8

nvd

больше 7 лет назад

OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.

openSUSE-SU-2017:2892-1

suse-cvrf

больше 7 лет назад

Security update for openvpn

SUSE-SU-2017:3177-1

suse-cvrf

больше 7 лет назад

Security update for openvpn-openssl1

SUSE-SU-2017:2839-1

suse-cvrf

больше 7 лет назад

Security update for openvpn

EPSS

Процентиль: 89%

0.05144

Низкий