OpenVPN 3 Core Library PKCS#7 Parser Vulnerability
CVE-2023-6247

Currently unrated

Key Information:

Vendor: OpenVPN
Status: OpenVPN 3 Core Library
Vendor: CVE Published:; 29 February 2024

What is CVE-2023-6247?

The PKCS#7 parser within OpenVPN 3 Core Library versions up to 3.8.3 contains a flaw in how it validates the parsed data. This vulnerability can allow malformed data to be processed incorrectly, potentially resulting in the application experiencing crashes. Such issues underline the importance of implementing proper data validation mechanisms to safeguard application integrity and ensure operational continuity.

Affected Version(s)

OpenVPN 3 Core Library 3.0 <= 3.8.3

References

https://community.openvpn.net/openvpn/wiki/CVE-2023-6247

technical-description

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Nov 21, 2023