CVE-2017-7478
published 2017-05-15CVE-2017-7478: OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed…
PriorityP354high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
13.89%
96.1th percentile
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openvpn | < openvpn 2.4.0-5 (bookworm) | openvpn 2.4.0-5 (bookworm) |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | >= 0 < 2.4.0-5 | 2.4.0-5 |
| openvpn | openvpn | >= 0 < 2.4.0-5 | 2.4.0-5 |
| openvpn | openvpn | >= 0 < 2.4.0-5 | 2.4.0-5 |
| openvpn | openvpn | >= 0 < 2.4.0-5 | 2.4.0-5 |
| openvpn_technologies_inc | openvpn | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_ubuntu7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3wwj-66cm-595v: OpenVPN version 2
ghsa_unreviewed·2022-05-17
CVE-2017-7478 [HIGH] CWE-20 GHSA-3wwj-66cm-595v: OpenVPN version 2
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
OSV
CVE-2017-7478: OpenVPN version 2
osv·2017-05-15·CVSS 7.5
CVE-2017-7478 [HIGH] CVE-2017-7478: OpenVPN version 2
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
Ubuntu
OpenVPN vulnerabilities
vendor_ubuntu·2017-05-11·CVSS 7.5
CVE-2017-7478 [HIGH] OpenVPN vulnerabilities
Title: OpenVPN vulnerabilities
Summary: Several security issues were fixed in OpenVPN.
It was discovered that OpenVPN improperly triggered an assert when
receiving an oversized control packet in some situations. A remote
attacker could use this to cause a denial of service (server or client
crash). (CVE-2017-7478)
It was discovered that OpenVPN improperly triggered an assert when packet
ids rolled over. An authenticated remote attacker could use this to cause a
denial of service (application crash). (CVE-2017-7479)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2017-7478: openvpn - OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Serv...
vendor_debian·2017·CVSS 7.5
CVE-2017-7478 [HIGH] CVE-2017-7478: openvpn - OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Serv...
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
Scope: local
bookworm: resolved (fixed in 2.4.0-5)
bullseye: resolved (fixed in 2.4.0-5)
forky: resolved (fixed in 2.4.0-5)
sid: resolved (fixed in 2.4.0-5)
trixie: resolved (fixed in 2.4.0-5)
No detection rules found.
Bugzilla
CVE-2017-7478 openvpn: Unauthenticated DoS via large control packets
bugzilla·2017-05-15·CVSS 7.5
CVE-2017-7478 [HIGH] CVE-2017-7478 openvpn: Unauthenticated DoS via large control packets
CVE-2017-7478 openvpn: Unauthenticated DoS via large control packets
Asserting on the length of received control packets can lead to unauthenticated denial of service when received control packet is too large.
This issue affects OpenVPN 2.3.12 and newer.
Upstream fixes:
openvpn 2.3: https://github.com/OpenVPN/openvpn/commit/feb35ee5ca
openvpn 2.4: https://github.com/OpenVPN/openvpn/commit/66b99a0753
master: https://github.com/OpenVPN/openvpn/commit/5774cf4c25e
External References:
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
Discussion:
Acknowledgments:
Name: the OpenVPN project
Upstream: QuarksLab
---
Updated in Fedora/Fedora EPEL:
* F-24: (in progress, will be updated to 2.3.15)
* F-25: https://bodhi.fedoraproject.org/updates/FEDORA-2017-0
Bugzilla
CVE-2017-7478 CVE-2017-7479 openvpn: various flaws [fedora-all]
bugzilla·2017-05-15·CVSS 7.5
CVE-2017-7478 [HIGH] CVE-2017-7478 CVE-2017-7479 openvpn: various flaws [fedora-all]
CVE-2017-7478 CVE-2017-7479 openvpn: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. Wh
Bugzilla
CVE-2017-7478 CVE-2017-7479 openvpn: various flaws [epel-all]
bugzilla·2017-05-15·CVSS 7.5
CVE-2017-7478 [HIGH] CVE-2017-7478 CVE-2017-7479 openvpn: various flaws [epel-all]
CVE-2017-7478 CVE-2017-7479 openvpn: various flaws [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. W
http://www.securityfocus.com/bid/98444http://www.securitytracker.com/id/1038473https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAuditshttps://www.exploit-db.com/exploits/41993/http://www.securityfocus.com/bid/98444http://www.securitytracker.com/id/1038473https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAuditshttps://www.exploit-db.com/exploits/41993/
2017-05-15
Published