CVE-2017-7479 — Reachable Assertion in Technologies INC Openvpn

CWE-617 — Reachable Assertion11 documents6 sources

Severity

6.5MEDIUMNVD

OSV5.9

EPSS

0.4%

top 41.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openvpn Technologies INC Openvpn Openvpn Debian Openvpn

Timeline

PublishedMay 15

Latest updateMay 13

Description

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/openvpn< openvpn 2.4.0-5 (bookworm)

▶CVEListV5openvpn_technologies_inc/openvpn< 2.3.15+1

▶Debianopenvpn/openvpn< 2.4.0-5+3

▶Ubuntuopenvpn/openvpn< 2.3.2-7ubuntu3.2+1

▶NVDopenvpn/openvpn2.3.14+2

🔴Vulnerability Details

GHSA

GHSA-qhqf-49x5-89w6: OpenVPN versions before 2↗2022-05-13

▶

OSV

openvpn vulnerabilities↗2017-06-22

▶

OSV

CVE-2017-7479: OpenVPN versions before 2↗2017-05-15

▶

📋Vendor Advisories

Ubuntu

OpenVPN vulnerabilities↗2017-06-22

▶

Ubuntu

OpenVPN vulnerabilities↗2017-05-11

▶

Debian

CVE-2017-7479: openvpn - OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable asse...↗2017

▶

💬Community

Bugzilla

CVE-2017-7479 openvpn: DoS due to exhaustion of packet-ID counter↗2017-05-15

▶

Bugzilla

CVE-2017-7478 CVE-2017-7479 openvpn: various flaws [fedora-all]↗2017-05-15

▶

Bugzilla

CVE-2017-7478 CVE-2017-7479 openvpn: various flaws [epel-all]↗2017-05-15

▶