CVE-2017-7479

Опубликовано: 15 мая 2017

Источник: debian

EPSS Низкий

Описание

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
openvpn	fixed	2.4.0-5		package
openvpn	fixed	2.3.4-5+deb8u2	jessie	package

Примечания

https://github.com/OpenVPN/openvpn/commit/e498cb0ea8d3a451b39eaf6f9b6a7488f18250b8 (master)
https://github.com/OpenVPN/openvpn/commit/591a4e574c43cb9e820950f15dcaabda261def78 (2.4.x)
https://github.com/OpenVPN/openvpn/commit/b727643cdf4e078f132a90e1c474a879a5760578 (2.3.x)
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14643.html (3 patches for 2.2.x)
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits

EPSS

Процентиль: 80%

0.01429

Низкий

Связанные уязвимости

CVE-2017-7479

CVSS3: 6.5

ubuntu

около 8 лет назад

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

CVE-2017-7479

CVSS3: 6.5

nvd

около 8 лет назад

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

GHSA-qhqf-49x5-89w6

CVSS3: 6.5

github

около 3 лет назад

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

openSUSE-SU-2017:1638-1

suse-cvrf

почти 8 лет назад

Security update for openvpn

SUSE-SU-2017:1622-1

suse-cvrf

почти 8 лет назад

Security update for openvpn

EPSS

Процентиль: 80%

0.01429

Низкий