vulnerability

Ubuntu: USN-7340-1 (CVE-2017-12166): OpenVPN vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Oct 4, 2017	Mar 12, 2025	Apr 25, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Oct 4, 2017

Added

Mar 12, 2025

Modified

Apr 25, 2025

Description

It was discovered that OpenVPN did not perform proper input validation
when generating a TLS key under certain configuration, which could lead to
a buffer overflow. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS. (CVE-2017-12166)

Reynir Björnsson discovered that OpenVPN incorrectly handled certain
control channel messages with nonprintable characters. A remote attacker
could possibly use this issue to cause OpenVPN to consume resources, or
fill up log files with garbage, leading to a denial of service.
(CVE-2024-5594)

Solution

ubuntu-pro-upgrade-openvpn

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today