CVE-2017-7478

Source
https://cve.org/CVERecord?id=CVE-2017-7478
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7478.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-7478
Downstream
Related
Published
2017-05-15T18:29:00.293Z
Modified
2026-07-07T08:49:36.893015319Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "CPE_STRING",
            "vendor_product": "openvpn:openvpn",
            "extracted_events": [
                {
                    "introduced": "2.3.12"
                },
                {
                    "last_affected": "2.3.12"
                },
                {
                    "introduced": "2.4.0-alpha2"
                },
                {
                    "last_affected": "2.4.0-alpha2"
                },
                {
                    "introduced": "2.4.0-alpha2"
                },
                {
                    "last_affected": "2.4.0-alpha2"
                },
                {
                    "introduced": "2.4.0-beta1"
                },
                {
                    "last_affected": "2.4.0-beta1"
                },
                {
                    "introduced": "2.4.0-beta1"
                },
                {
                    "last_affected": "2.4.0-beta1"
                },
                {
                    "introduced": "2.4.0-beta2"
                },
                {
                    "last_affected": "2.4.0-beta2"
                },
                {
                    "introduced": "2.4.0-beta2"
                },
                {
                    "last_affected": "2.4.0-beta2"
                },
                {
                    "introduced": "2.4.0-rc1"
                },
                {
                    "last_affected": "2.4.0-rc1"
                },
                {
                    "introduced": "2.4.0-rc1"
                },
                {
                    "last_affected": "2.4.0-rc1"
                },
                {
                    "introduced": "2.4.0-rc2"
                },
                {
                    "last_affected": "2.4.0-rc2"
                },
                {
                    "introduced": "2.4.0-rc2"
                },
                {
                    "last_affected": "2.4.0-rc2"
                }
            ],
            "cpes": [
                "cpe:2.3:a:openvpn:openvpn:2.3.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:openvpn:openvpn:2.4.0:alpha2:*:*:*:*:*:*",
                "cpe:2.3:a:openvpn:openvpn:2.4.0:beta1:*:*:*:*:*:*",
                "cpe:2.3:a:openvpn:openvpn:2.4.0:beta2:*:*:*:*:*:*",
                "cpe:2.3:a:openvpn:openvpn:2.4.0:rc1:*:*:*:*:*:*",
                "cpe:2.3:a:openvpn:openvpn:2.4.0:rc2:*:*:*:*:*:*"
            ]
        }
    ]
}
References

Affected packages

Git / github.com/openvpn/openvpn

Affected ranges

Type
GIT
Repo
https://github.com/openvpn/openvpn
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:openvpn:openvpn:2.3.12:*:*:*:*:*:*:*",
        "cpe:2.3:a:openvpn:openvpn:2.3.13:*:*:*:*:*:*:*",
        "cpe:2.3:a:openvpn:openvpn:2.3.14:*:*:*:*:*:*:*",
        "cpe:2.3:a:openvpn:openvpn:2.4.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:openvpn:openvpn:2.4.1:*:*:*:*:*:*:*"
    ],
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "2.3.12"
        },
        {
            "last_affected": "2.3.12"
        },
        {
            "introduced": "2.3.13"
        },
        {
            "last_affected": "2.3.13"
        },
        {
            "introduced": "2.3.14"
        },
        {
            "last_affected": "2.3.14"
        },
        {
            "introduced": "2.4.0"
        },
        {
            "last_affected": "2.4.0"
        },
        {
            "introduced": "2.4.1"
        },
        {
            "last_affected": "2.4.1"
        }
    ]
}

Affected versions

2.*
2.3.12
2.3.13
2.3.14
2.4.0
2.4.1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7478.json"