Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2017-7520

Published: 21 June 2017

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.

Priority

Medium

CVSS 3 base score: 7.4

Status

Package Release Status
openvpn
Launchpad, Ubuntu, Debian
precise
Released (2.2.1-8ubuntu1.5)
trusty
Released (2.3.2-7ubuntu3.2)
upstream
Released (2.4.3, 2.3.17)
xenial
Released (2.3.10-1ubuntu2.1)
yakkety
Released (2.3.11-1ubuntu2.1)
zesty
Released (2.4.0-4ubuntu1.3)
Patches:
upstream: https://github.com/OpenVPN/openvpn/commit/7718c8984f (master)
upstream: https://github.com/OpenVPN/openvpn/commit/043fe32787 (2.4)
upstream: https://github.com/OpenVPN/openvpn/commit/f38a4a1059 (2.3)
upstream: https://github.com/OpenVPN/openvpn/commit/4bec9d25d5 (2.2)