CVE-2017-7521

Summary

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().

Affected Software

VendorProductVersion RangeStatus
OpenVPN Technologies, IncOpenVPNbefore 2.4.3affected
OpenVPN Technologies, IncOpenVPNbefore 2.3.17affected

Weaknesses

  • CWE-400: CWE-400

ADP Enrichment

CVE Program Container

Additional References

References