CVE-2023-6247
Published: 29 February 2024
The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing.
Notes
Author | Note |
---|---|
mdeslaur | code doesn't seem present in v2.x |
Priority
Status
Package | Release | Status |
---|---|---|
openvpn Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(3.x only)
|
focal |
Not vulnerable
(3.x only)
|
|
jammy |
Not vulnerable
(3.x only)
|
|
mantic |
Not vulnerable
(3.x only)
|
|
noble |
Not vulnerable
(3.x only)
|
|
trusty |
Not vulnerable
(3.x only)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(3.x only)
|
|
Patches: upstream: https://github.com/OpenVPN/openvpn3/commit/afdfe1bb3f4c54e8794 |