4 severe remote + several minor OpenVPN vulnerabilities

Disclosed: 2019-10-14 00:24:28 By guido To ibb
High
Vulnerability Details
  • CVE-2017-7521 Remote server crashes/double-free/memory leaks in certificate processing
  • CVE-2017-7520 Remote (including MITM) client crash, data leak
  • CVE-2017-7508 Remote server crash (forced assertion failure)
  • CVE-2017-7522 Crash mbed TLS/PolarSSL-based server
  • (no CVE) Remote/MITM null-pointer dereference in establish_http_proxy_passthru()
  • (no CVE) Stack buffer overflow if long --tls-cipher is given
  • (no CVE) Remote (including MITM) client stack buffer corruption

https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
Report Stats
  • Report ID: 242579
  • State: Closed
  • Substate: resolved
  • Upvotes: 27