PT-2017-17762 · Openvpn+3 · Openvpn+3

Guido Vranken

·

Published

2017-05-11

·

Updated

2019-10-03

·

CVE-2017-7479

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions OpenVPN versions prior to 2.3.15 OpenVPN versions prior to 2.4.2
Description The issue allows an authenticated attacker to cause a Denial of Service of the server. This occurs when the packet-ID counter rolls over, resulting in a reachable assertion.
Recommendations For versions prior to 2.3.15, update to version 2.3.15 or later. For versions prior to 2.4.2, update to version 2.4.2 or later.

Fix

DoS

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

ALT-PU-2017-1606
CVE-2017-7479
DLA-944-1
DSA-3900-1
MGASA-2017-0152
SUSE-SU-2017:1622-1
SUSE-SU-2017:1718-1
SUSE-SU-2017:2838-1
USN-3284-1
USN-3339-1

Affected Products

Alt Linux
Openvpn
Suse
Ubuntu