Openvpn Technologies Inc Openvpn vulnerabilities

CVE-2017-7508 [HIGH] CWE-617 CVE-2017-7508: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when rece OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.

CVE-2017-7520 [HIGH] CWE-200 CVE-2017-7520: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.

CVE-2017-7521 [MEDIUM] CWE-400 CVE-2017-7521: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to me OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().

CVE-2017-7522 [MEDIUM] CWE-20 CVE-2017-7522: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.

CVE-2017-7478 [HIGH] CWE-617 CVE-2017-7478: OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via re OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

CVE-2017-7479 [MEDIUM] CWE-617 CVE-2017-7479: OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.