Описание
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| openvpn | fixed | 2.4.3-1 | package | |
| openvpn | not-affected | jessie | package | |
| openvpn | not-affected | wheezy | package |
Примечания
Fixed by: https://github.com/OpenVPN/openvpn/commit/426392940c
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
https://www.openwall.com/lists/oss-security/2017/06/21/6
In Debian openvpn is compiled against OpenSSL, thus even affected
code present.
EPSS
Связанные уязвимости
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
EPSS