CVE-2017-7478

Опубликовано: 15 мая 2017

Источник: debian

EPSS Низкий

Описание

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
openvpn	fixed	2.4.0-5		package
openvpn	not-affected		jessie	package
openvpn	not-affected		wheezy	package

Примечания

https://github.com/OpenVPN/openvpn/commit/5774cf4c25e1d8bf4e544702db8f157f111c9d93 (master)
https://github.com/OpenVPN/openvpn/commit/66b99a0753352c5cc43e11e39835b6423112df98 (2.4.x)
https://github.com/OpenVPN/openvpn/commit/feb35ee5cac605edddd6e9dc62941e2c53f96fb3 (2.3.x)
Introduced in: https://github.com/OpenVPN/openvpn/commit/3c1b19e04745177185decd14da82c71458442b82 (2.4.0)
Introduced in (backported to 2.3.12): https://github.com/OpenVPN/openvpn/commit/358f513c008bf01fadb82759ac75ffb8613fc785
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits

EPSS

Процентиль: 87%

0.03313

Низкий

Связанные уязвимости

CVE-2017-7478

CVSS3: 7.5

ubuntu

около 8 лет назад

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

CVE-2017-7478

CVSS3: 7.5

nvd

около 8 лет назад

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

GHSA-3wwj-66cm-595v

CVSS3: 7.5

github

около 3 лет назад

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

openSUSE-SU-2017:1638-1

suse-cvrf

почти 8 лет назад

Security update for openvpn

SUSE-SU-2017:1622-1

suse-cvrf

почти 8 лет назад

Security update for openvpn

EPSS

Процентиль: 87%

0.03313

Низкий