Vulnerability Description
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openvpn | Openvpn | 2.3.12 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98444
- http://www.securitytracker.com/id/1038473
- https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAuditVendor Advisory
- https://www.exploit-db.com/exploits/41993/
- http://www.securityfocus.com/bid/98444
- http://www.securitytracker.com/id/1038473
- https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAuditVendor Advisory
- https://www.exploit-db.com/exploits/41993/
FAQ
What is CVE-2017-7478?
CVE-2017-7478 is a vulnerability with a CVSS score of 7.5 (HIGH). OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
How severe is CVE-2017-7478?
CVE-2017-7478 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7478?
Check the references section above for vendor advisories and patch information. Affected products include: Openvpn Openvpn.