CVE-2017-7521
Debian Security Advisory 3900-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
Las versiones de OpenVPN anteriores a 2.4.3 y 2.3.17, son vulnerables a una denegación de servicio remota debido a un agotamiento de memoria causado por pérdida de memoria y un problema de doble liberación (Double Free) en la función extract_x509_extension().
Karthikeyan Bhargavan and Gaetan Leurent discovered that 64-bit block ciphers are vulnerable to a birthday attack. A remote attacker could possibly use this issue to recover cleartext data. Fixing this issue requires a configuration change to switch to a different cipher. This update adds a warning to the log file when a 64-bit block cipher is in use. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that OpenVPN incorrectly handled rollover of packet ids. An authenticated remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-04-05 CVE Reserved
- 2017-06-22 CVE Published
- 2024-08-05 CVE Updated
- 2025-06-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-415: Double Free
- CWE-772: Missing Release of Resource after Effective Lifetime
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/99230 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038768 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3900 | 2019-10-03 | |
| https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 | 2019-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openvpn Search vendor "Openvpn" | Openvpn Search vendor "Openvpn" for product "Openvpn" | <= 2.3.16 Search vendor "Openvpn" for product "Openvpn" and version " <= 2.3.16" | - |
Affected
| ||||||
| Openvpn Search vendor "Openvpn" | Openvpn Search vendor "Openvpn" for product "Openvpn" | 2.4.0 Search vendor "Openvpn" for product "Openvpn" and version "2.4.0" | - |
Affected
| ||||||
| Openvpn Search vendor "Openvpn" | Openvpn Search vendor "Openvpn" for product "Openvpn" | 2.4.0 Search vendor "Openvpn" for product "Openvpn" and version "2.4.0" | alpha2 |
Affected
| ||||||
| Openvpn Search vendor "Openvpn" | Openvpn Search vendor "Openvpn" for product "Openvpn" | 2.4.0 Search vendor "Openvpn" for product "Openvpn" and version "2.4.0" | beta1 |
Affected
| ||||||
| Openvpn Search vendor "Openvpn" | Openvpn Search vendor "Openvpn" for product "Openvpn" | 2.4.0 Search vendor "Openvpn" for product "Openvpn" and version "2.4.0" | beta2 |
Affected
| ||||||
| Openvpn Search vendor "Openvpn" | Openvpn Search vendor "Openvpn" for product "Openvpn" | 2.4.0 Search vendor "Openvpn" for product "Openvpn" and version "2.4.0" | rc1 |
Affected
| ||||||
| Openvpn Search vendor "Openvpn" | Openvpn Search vendor "Openvpn" for product "Openvpn" | 2.4.0 Search vendor "Openvpn" for product "Openvpn" and version "2.4.0" | rc2 |
Affected
| ||||||
| Openvpn Search vendor "Openvpn" | Openvpn Search vendor "Openvpn" for product "Openvpn" | 2.4.1 Search vendor "Openvpn" for product "Openvpn" and version "2.4.1" | - |
Affected
| ||||||
| Openvpn Search vendor "Openvpn" | Openvpn Search vendor "Openvpn" for product "Openvpn" | 2.4.2 Search vendor "Openvpn" for product "Openvpn" and version "2.4.2" | - |
Affected
| ||||||