CVSS: 7.4EPSS: 0%CPEs: 9EXPL: 0CVE-2017-7520
https://notcve.org/view.php?id=CVE-2017-7520
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. Las versiones anteriores a 2.4.3 y anterior a 2.3.17 de OpenVPN, son vulnerables a la denegación de servicio y/o posiblemente a la pérdida de memoria confidencial activada por un atacante de tipo man-in-the-middle. • http://www.debian.org/security/2017/dsa-3900 http://www.securityfocus.com/bid/99230 http://www.securitytracker.com/id/1038768 https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 1%CPEs: 9EXPL: 0CVE-2017-7521
https://notcve.org/view.php?id=CVE-2017-7521
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension(). Las versiones de OpenVPN anteriores a 2.4.3 y 2.3.17, son vulnerables a una denegación de servicio remota debido a un agotamiento de memoria causado por pérdida de memoria y un problema de doble liberación (Double Free) en la función extract_x509_extension(). • http://www.debian.org/security/2017/dsa-3900 http://www.securityfocus.com/bid/99230 http://www.securitytracker.com/id/1038768 https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 • CWE-400: Uncontrolled Resource Consumption CWE-415: Double Free CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-7522
https://notcve.org/view.php?id=CVE-2017-7522
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. Las versiones de OpenVPN anteriores a 2.4.3 y 2.3.17, son vulnerables a una denegación de servicio por parte de un atacante remoto autenticado mediante el envío de un certificado con un carácter NULL insertado. • http://www.securityfocus.com/bid/99230 http://www.securitytracker.com/id/1038768 https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 23%CPEs: 10EXPL: 1CVE-2017-7478 – OpenVPN 2.4.0 - Denial of Service
https://notcve.org/view.php?id=CVE-2017-7478
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2. OpenVPN versión 2.3.12 y más recientes, son vulnerables a la Denegación de Servicio no autenticada del servidor por medio de un paquete de control grande recibido. Tenga en cuenta que este problema se corrige en versiones 2.3.15 y 2.4.2. OpenVPN version 2.4.0 suffers from an unauthenticated denial of service vulnerability. • https://www.exploit-db.com/exploits/41993 http://www.securityfocus.com/bid/98444 http://www.securitytracker.com/id/1038473 https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-7479
https://notcve.org/view.php?id=CVE-2017-7479
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. OpenVPN versiones anteriores a 2.3.15 y anteriores a 2.4.2, son vulnerables a una aserción alcanzable cuando el contador del identificador de paquete se devuelve como resultado de una denegación de servicio del servidor por parte de un atacante autenticado. • http://www.debian.org/security/2017/dsa-3900 http://www.securityfocus.com/bid/98443 http://www.securitytracker.com/id/1038473 https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits • CWE-617: Reachable Assertion •