CVE-2017-7479

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into…

redhat·CWE-617·Published 2017-05-15

CVSS

—

EPSS

0.02

KEV

No

Exploits

0

Vendor statements (1)

debian.org

cve.orgen

189 chars

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

NVDen

189 chars

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

NVDes

257 chars

OpenVPN versiones anteriores a 2.3.15 y anteriores a 2.4.2, son vulnerables a una aserción alcanzable cuando el contador del identificador de paquete se devuelve como resultado de una denegación de servicio del servidor por parte de un atacante autenticado.

CVSS metrics across sources

2

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.0	8.0	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P
3.0	Primary	NVD	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H