vulnerability
FreeBSD: VID-9f65d382-56a4-11e7-83e3-080027ef73ec (CVE-2017-7520): OpenVPN -- several vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:H/Au:N/C:P/I:N/A:P) | Jun 21, 2017 | Jun 22, 2017 | Dec 10, 2025 |
Severity
4
CVSS
(AV:N/AC:H/Au:N/C:P/I:N/A:P)
Published
Jun 21, 2017
Added
Jun 22, 2017
Modified
Dec 10, 2025
Description
Samuli Seppänen reports: In May/June 2017 Guido Vranken threw a fuzzer at OpenVPN 2.4.2. In the process he found several vulnerabilities and reported them to the OpenVPN project. [...] The first releases to have these fixes are OpenVPN 2.4.3 and 2.3.17. This is a list of fixed important vulnerabilities: Remotely-triggerable ASSERT() on malformed IPv6 packet Pre-authentication remote crash/information disclosure for clients Potential double-free in --x509-alt-username Remote-triggerable memory leaks Post-authentication remote DoS when using the --x509-track option Null-pointer dereference in establish_http_proxy_passthru()
Solutions
freebsd-upgrade-package-openvpnfreebsd-upgrade-package-openvpn-mbedtlsfreebsd-upgrade-package-openvpn-polarssl
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.