Lucene search
F5F5:K63104801HistoryAug 03, 2017 - 12:00 a.m.
K63104801 : OpenVPN vulnerabilities CVE-2017-7508, CVE-2017-7520, CVE-2017-7521, and CVE-2017-7522
2017-08-0300:00:00
my.f5.com
127
Security Advisory Description
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
Impact
There is no impact; F5 products are not affected by this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip afm | eq | 11.4.1 | |
| big-ip afm | eq | 11.5.0 | |
| big-ip afm | eq | 11.5.1 | |
| big-ip afm | eq | 11.5.2 | |
| big-ip afm | eq | 11.5.3 | |
| big-ip afm | eq | 11.5.4 | |
| big-ip afm | eq | 11.6.0 | |
| big-ip afm | eq | 11.6.1 | |
| big-ip afm | eq | 12.0.0 | |
| big-ip afm | eq | 12.1.0 |
Related
redhatcve
redhatcve
openvas
openvas
Fedora Update for openvpn FEDORA-2017-5596f2f94d
2017-07-01 00:00:00
Fedora Update for openvpn FEDORA-2017-0639fb1490
2017-06-24 00:00:00
Slackware: Security Advisory (SSA:2017-172-01)
2022-04-21 00:00:00
amazon
amazon
Important: openvpn
2017-06-27 17:47:00
nessus
nessus
OpenVPN 2.3.x < 2.3.17 & 2.4.x < 2.4.3 Multiple Denial of Service Vulnerabilites (Windows)
2019-05-17 00:00:00
Amazon Linux AMI : openvpn (ALAS-2017-852)
2017-06-28 00:00:00
SUSE SLED12 / SLES12 Security Update : openvpn (SUSE-SU-2017:1635-1)
2017-06-22 00:00:00
thn
thn
Critical RCE Flaw Found in OpenVPN that Escaped Two Recent Security Audits
2017-06-21 21:08:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openvpn version June
2017-06-21 00:00:00
hackerone
hackerone
Internet Bug Bounty: 4 severe remote + several minor OpenVPN vulnerabilities
2017-06-23 10:58:19
fedora
fedora
[SECURITY] Fedora 26 Update: openvpn-2.4.3-1.fc26
2017-06-24 03:09:57
[SECURITY] Fedora 24 Update: openvpn-2.3.17-1.fc24
2017-06-30 20:51:03
[SECURITY] Fedora 25 Update: openvpn-2.4.3-1.fc25
2017-06-23 20:54:35
slackware
slackware
[slackware-security] openvpn
2017-06-21 18:40:28
freebsd
freebsd
OpenVPN -- several vulnerabilities
2017-05-19 00:00:00
suse
suse
Security update for openvpn (important)
2017-06-21 18:11:05
Security update for openvpn (important)
2017-06-26 15:16:30
Security update for openvpn-openssl1 (important)
2017-06-29 18:12:39
osv
osv
openvpn - security update
2017-06-27 00:00:00
CVE-2017-7522
2017-06-27 13:29:00
CVE-2017-7508
2017-06-27 13:29:00
archlinux
archlinux
[ASA-201706-27] openvpn: multiple issues
2017-06-22 00:00:00
debian
debian
[BSA-116] Security Update for openvpn
2017-07-05 07:52:52
[SECURITY] [DSA 3900-1] openvpn security update
2017-06-27 19:51:56
[SECURITY] [DSA 3900-1] openvpn security update
2017-06-27 19:51:56
mageia
mageia
Updated openvpn packages fix security vulnerabilities
2017-07-28 21:12:15
ubuntu
ubuntu
OpenVPN vulnerabilities
2017-06-22 00:00:00
OpenVPN vulnerability
2017-08-07 00:00:00
cve
cve
prion
prion
Null pointer dereference
2017-06-27 13:29:00
Denial of service
2017-06-27 13:29:00
Memory corruption
2017-06-27 13:29:00
nvd
nvd
debiancve
debiancve
ubuntucve
ubuntucve
cvelist
cvelist
threatpost
threatpost
OpenVPN Patches Critical Remote Code Execution Vulnerability
2017-06-21 11:14:36