CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-12166
https://notcve.org/view.php?id=CVE-2017-12166
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. OpenVPN en versiones anteriores a la 2.3.3 y en versiones 2.4.x anteriores a la 2.4.4 es vulnerable a undesbordamiento de búfer cuando se utiliza key-method 1, lo que puede provocar la ejecución de código. • http://www.securityfocus.com/bid/101153 http://www.securitytracker.com/id/1039470 https://community.openvpn.net/openvpn/wiki/CVE-2017-12166 https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2017-7508
https://notcve.org/view.php?id=CVE-2017-7508
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. Las versiones anteriores a 2.4.3 y anterior a 2.3.17 de OpenVPN, son vulnerables a la denegación de servicio remota cuando se reciben paquetes IPv6 malformados. • http://www.debian.org/security/2017/dsa-3900 http://www.securityfocus.com/bid/99230 http://www.securitytracker.com/id/1038768 https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 • CWE-617: Reachable Assertion •
CVSS: 7.4EPSS: 0%CPEs: 9EXPL: 0CVE-2017-7520
https://notcve.org/view.php?id=CVE-2017-7520
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. Las versiones anteriores a 2.4.3 y anterior a 2.3.17 de OpenVPN, son vulnerables a la denegación de servicio y/o posiblemente a la pérdida de memoria confidencial activada por un atacante de tipo man-in-the-middle. • http://www.debian.org/security/2017/dsa-3900 http://www.securityfocus.com/bid/99230 http://www.securitytracker.com/id/1038768 https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 1%CPEs: 9EXPL: 0CVE-2017-7521
https://notcve.org/view.php?id=CVE-2017-7521
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension(). Las versiones de OpenVPN anteriores a 2.4.3 y 2.3.17, son vulnerables a una denegación de servicio remota debido a un agotamiento de memoria causado por pérdida de memoria y un problema de doble liberación (Double Free) en la función extract_x509_extension(). • http://www.debian.org/security/2017/dsa-3900 http://www.securityfocus.com/bid/99230 http://www.securitytracker.com/id/1038768 https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 • CWE-400: Uncontrolled Resource Consumption CWE-415: Double Free CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-7522
https://notcve.org/view.php?id=CVE-2017-7522
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. Las versiones de OpenVPN anteriores a 2.4.3 y 2.3.17, son vulnerables a una denegación de servicio por parte de un atacante remoto autenticado mediante el envío de un certificado con un carácter NULL insertado. • http://www.securityfocus.com/bid/99230 http://www.securitytracker.com/id/1038768 https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •