CVE-2017-7520

Опубликовано: 27 июн. 2017

Источник: debian

EPSS Низкий

Описание

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
openvpn	fixed	2.4.3-1		package

Примечания

Fixed by (master): https://github.com/OpenVPN/openvpn/commit/7718c8984f04b507c1885f363970e2124e3c6c77
Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/043fe327878eba75efa13794c9845f85c3c629f2
Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/f38a4a105979b87ebebe9be1c3d323116d3fb924
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
https://www.openwall.com/lists/oss-security/2017/06/21/6

EPSS

Процентиль: 68%

0.00571

Низкий

Связанные уязвимости

CVE-2017-7520

CVSS3: 7.4

ubuntu

почти 8 лет назад

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.

CVE-2017-7520

CVSS3: 7.5

redhat

почти 8 лет назад

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.

CVE-2017-7520

CVSS3: 7.4

nvd

почти 8 лет назад

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.

GHSA-757r-jmm6-p24p

CVSS3: 7.4

github

около 3 лет назад

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.

BDU:2018-00021

CVSS3: 7.4

fstec

около 8 лет назад

Уязвимость пакета OpenVPN, существующая из-за неправильной обработки клиентских подключений к HTTP-прокси, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 68%

0.00571

Низкий