openvpn: denial of service

ID ASA-201412-2
Type archlinux
Reporter Arch Linux
Modified 2014-12-02T00:00:00


It was discovered that an authenticated client could trigger an ASSERT() in OpenVPN by sending a too-short control channel packet to the server. This could cause the OpenVPN server to crash and deny access to the VPN to other legitimate users.