2376 matches found
CVE-2017-7520
CVE-2017-7520 affects OpenVPN versions prior to 2.4.3 and prior to 2.3.17, enabling denial-of-service and/or a potentially sensitive memory leak triggered by a man-in-the-middle attacker. The connected advisories and trackers confirm patches/update guidance to mitigate by upgrading OpenVPN to ver...
CVE-2017-7521
OpenVPN vulnerability CVE-2017-7521 affects OpenVPN versions before 2.4.3 and before 2.3.17, where memory exhaustion via a memory leaks and a double-free in extract_x509_extension() enables remote denial-of-service. Debian/DSA advisories list fixed releases (e.g., 2.4.0-6+deb9u1, 2.4.3-1, etc.). ...
CVE-2017-7508
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet...
CVE-2017-7520
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker...
CVE-2017-7522
OpenVPN is affected by CVE-2017-7522. OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to a denial-of-service caused by an authenticated remote attacker sending a certificate with an embedded NULL character. The issue is described in multiple connected sources as part of a set of vu...
CVE-2017-7522
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character...
CVE-2017-7521
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension...
CVE-2017-7508
CVE-2017-7508 affects OpenVPN versions prior to 2.4.3 and prior to 2.3.17, enabling a remote attacker to cause a denial-of-service by sending malformed IPv6 packets. The root cause is improper handling of specific malformed IPv6 packets, leading to application crash under remote attack conditions...
CVE-2017-7521
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension...
CVE-2017-7520
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker...
CVE-2017-7522
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character...
CVE-2017-7508
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet...
DSA-3900-1 openvpn - security update
Bulletin has no description...
Debian Security Advisory DSA 3900-1 (openvpn - security update)
Several issues were discovered in openvpn, a virtual private network application. CVE-2017-7479 It was discovered that openvpn did not properly handle the rollover of packet identifiers. This would allow an authenticated remote attacker to cause a denial-of-service via application crash...
Important: openvpn
Issue Overview: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. CVE-2017-7508 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a...
Security update for openvpn (important)
This update for openvpn fixes the following issues: - Some parts of the certificate-parsing code did not always clear all allocated memory. This would have allowed clients to leak a few bytes of memory for each connection attempt, thereby facilitating a quite inefficient DoS attack on the server...
OpenVPN Denial of Service Vulnerability (CNVD-2017-14886)
OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for Virtual Private Networks VPNs, which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...
OpenVPN Denial of Service Vulnerability (CNVD-2017-14887)
OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for Virtual Private Networks VPNs, which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...
OpenVPN Information Disclosure Vulnerability (CNVD-2017-14888)
OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for Virtual Private Networks VPNs, which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...
Fedora 25 : openvpn (2017-0639fb1490)
Updates to the latest upstream OpenVPN 2.4.3, containing security updates for CVE-2017-7508, CVE-2017-7520 and CVE-2017-7521. This update also re-enables automatic restart of OpenVPN on the next updates. For this update, the restart needs to be done manually. Note that Tenable Network Security ha...