Denial of Service Vulnerability in OpenVPN by OpenVPN Technologies
CVE-2017-7479

6.5MEDIUM

Key Information:

Vendor

Openvpn Technologies, Inc

Status
Openvpn
Vendor
CVE Published:
15 May 2017

What is CVE-2017-7479?

An issue exists in OpenVPN versions prior to 2.3.15 and 2.4.2, where a reachable assertion can be triggered when the packet-ID counter rolls over. This vulnerability allows an authenticated attacker to exploit the system, leading to a potential Denial of Service condition on the server. This could impact availability, making it crucial for users to update to safe versions to mitigate risks.

Affected Version(s)

openvpn < 2.3.15 < 2.3.15

openvpn < 2.4.2 < 2.4.2

References

https://community.openvpn.net/openvpn/wiki/QuarkslabAndCr...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038473
vdb-entryx_refsource_SECTRACK
http://www.debian.org/security/2017/dsa-3900
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.