Vulnerability CVE-2017-7479: Information

Description

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-7479
Published: May 15, 2017
Modified: Oct. 3, 2019
Error type identifier: CWE-617

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
openvpnsisyphus2.4.2-alt12.6.10-alt1ALT-PU-2017-1606-1182960Fixed
openvpnp102.4.2-alt12.5.6-alt1ALT-PU-2017-1606-1182960Fixed
openvpnp92.4.2-alt12.5.6-alt1ALT-PU-2017-1606-1182960Fixed
openvpnp82.4.3-alt0.M80P.12.4.4-alt0.M80P.1ALT-PU-2017-1778-1184642Fixed
openvpnc10f12.4.2-alt12.5.6-alt1ALT-PU-2017-1606-1182960Fixed
openvpnc9f22.4.2-alt12.4.9-alt1.c9f2.2ALT-PU-2017-1606-1182960Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
  • Vendor Advisory
98443
    1038473
      DSA-3900

          1. Configuration 1

            cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*
            End including
            2.3.14
            cpe:2.3:a:openvpn:openvpn:2.4.0:*:*:*:*:*:*:*
            cpe:2.3:a:openvpn:openvpn:2.4.0:beta1:*:*:*:*:*:*
            cpe:2.3:a:openvpn:openvpn:2.4.0:rc1:*:*:*:*:*:*
            cpe:2.3:a:openvpn:openvpn:2.4.0:beta2:*:*:*:*:*:*
            cpe:2.3:a:openvpn:openvpn:2.4.0:alpha2:*:*:*:*:*:*
            cpe:2.3:a:openvpn:openvpn:2.4.1:*:*:*:*:*:*:*
            cpe:2.3:a:openvpn:openvpn:2.4.0:rc2:*:*:*:*:*:*
        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
        Version: v24.4.2
        Back to top