NVD - Results

Sort results by:

Search Results (Refine Search)

Search Parameters:

CPE Product Version: cpe:/a:openvpn:openvpn:2.4.0:rc1

There are 6 matching records.

Displaying matches 1 through 6.

Vuln ID	Summary	CVSS Severity
CVE-2017-7522	OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. Published: June 27, 2017; 9:29:00 AM -0400	V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM
CVE-2017-7521	OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension(). Published: June 27, 2017; 9:29:00 AM -0400	V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM
CVE-2017-7520	OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. Published: June 27, 2017; 9:29:00 AM -0400	V3.0: 7.4 HIGH V2.0: 4.0 MEDIUM
CVE-2017-7508	OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. Published: June 27, 2017; 9:29:00 AM -0400	V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM
CVE-2017-7479	OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. Published: May 15, 2017; 2:29:00 PM -0400	V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM
CVE-2017-7478	OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2. Published: May 15, 2017; 2:29:00 PM -0400	V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM