Remote Denial-of-Service Vulnerability in OpenVPN Software
CVE-2017-7508

7.5HIGH

Key Information:

Vendor

Openvpn Technologies, Inc

Status
Openvpn
Vendor
CVE Published:
27 June 2017

What is CVE-2017-7508?

Certain versions of OpenVPN are susceptible to a remote denial-of-service attack when processing malformed IPv6 packets. Exploiting this vulnerability could lead to a service disruption, affecting the availability of the VPN service. Users and administrators of OpenVPN versions before 2.4.3 and 2.3.17 should upgrade to the latest versions to mitigate this risk.

Affected Version(s)

OpenVPN before 2.4.3

OpenVPN before 2.3.17

References

https://community.openvpn.net/openvpn/wiki/Vulnerabilitie...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038768
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99230
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.