CVE-2017-7478 – OpenVPN 2.4.0 - Denial of Service

https://notcve.org/view.php?id=CVE-2017-7478

11 May 2017 — OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2. OpenVPN versión 2.3.12 y más recientes, son vulnerables a la Denegación de Servicio no autenticada del servidor por medio de un paquete de control grande recibido. Tenga en cuenta que este problema se corrige en versiones 2.3.15 y 2.4.2. It was discovered that OpenVPN improperly triggered an assert when receiving an oversized cont... • https://packetstorm.news/files/id/142489 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •