CVE-2017-7478

Summary

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

Affected Software

VendorProductVersion RangeStatus
OpenVPN Technologies, Incopenvpn2.3.12 and neweraffected

Weaknesses

  • CWE-617: CWE-617

ADP Enrichment

CVE Program Container

Additional References

References