CVE-2017-7478

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-7478

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7478.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-7478

Related

Published

2017-05-15T18:29:00Z

Modified

2024-09-18T02:51:03.044331Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

References

Affected packages

Alpine:v3.5 / openvpn

Package

Name: openvpn
Purl: pkg:apk/alpine/openvpn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.15-r0

Affected versions

2.*

2.0.9-r0

2.0.9-r1

2.0.9-r2

2.1.1-r0

2.1.1-r1

2.1.1-r2

2.1.3-r0

2.1.4-r0

2.1.4-r1

2.2.0-r0

2.2.0-r1

2.2.0-r2

2.2.2-r0

2.3.0-r0

2.3.1-r0

2.3.2-r0

2.3.2-r1

2.3.2-r2

2.3.3-r0

2.3.4-r0

2.3.5-r0

2.3.6-r0

2.3.6-r1

2.3.7-r0

2.3.8-r0

2.3.8-r1

2.3.9-r0

2.3.10-r0

2.3.10-r1

2.3.10-r2

2.3.11-r0

2.3.12-r0

2.3.12-r1

2.3.14-r0

Alpine:v3.6 / openvpn

Package

Name: openvpn
Purl: pkg:apk/alpine/openvpn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.2-r0

Affected versions

2.*

2.0.9-r0

2.0.9-r1

2.0.9-r2

2.1.1-r0

2.1.1-r1

2.1.1-r2

2.1.3-r0

2.1.4-r0

2.1.4-r1

2.2.0-r0

2.2.0-r1

2.2.0-r2

2.2.2-r0

2.3.0-r0

2.3.1-r0

2.3.2-r0

2.3.2-r1

2.3.2-r2

2.3.3-r0

2.3.4-r0

2.3.5-r0

2.3.6-r0

2.3.6-r1

2.3.7-r0

2.3.8-r0

2.3.8-r1

2.3.9-r0

2.3.10-r0

2.3.10-r1

2.3.10-r2

2.3.11-r0

2.3.12-r0

2.3.12-r1

2.3.14-r0

2.4.0-r0

2.4.1-r0

2.4.1-r1

Debian:11 / openvpn

Package

Name: openvpn
Purl: pkg:deb/debian/openvpn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openvpn

Package

Name: openvpn
Purl: pkg:deb/debian/openvpn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openvpn

Package

Name: openvpn
Purl: pkg:deb/debian/openvpn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/openvpn/openvpn

Affected ranges

Type: GIT
Repo: https://github.com/openvpn/openvpn
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

307abe7b32e951ece58c7964b3fa72536aee6724

Last affected

bb9d4c91c95f245dea87735e4e05661e04931b33

Affected versions

v2.*

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1_rc1

v2.1_rc10

v2.1_rc11

v2.1_rc12

v2.1_rc13

v2.1_rc14

v2.1_rc15

v2.1_rc16

v2.1_rc17

v2.1_rc18

v2.1_rc19

v2.1_rc2

v2.1_rc20

v2.1_rc21

v2.1_rc22

v2.1_rc3

v2.1_rc4

v2.1_rc5

v2.1_rc6

v2.1_rc7

v2.1_rc8

v2.1_rc9

v2.2-RC

v2.2-RC2

v2.2-beta4

v2.2-beta5

v2.3-alpha1

v2.3_alpha2

v2.3_alpha3

v2.3_beta1

v2.4.0

v2.4_alpha1

v2.4_alpha2

v2.4_beta1

v2.4_beta2

v2.4_rc1

v2.4_rc2