What is CVE-2017-7478?

CVE-2017-7478 is a high-severity vulnerability in Openvpn, classified under Reachable Assertion. CVSS score: 7.5/10. Published 2017-05-15.

How severe is CVE-2017-7478?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2017-7478 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Openvpn

CVE-2017-7478

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

EPSS: 0.046 (89.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Openvpn — versions 2.3.12, 2.3.13, 2.3.14
Openvpn Technologies, Inc — versions 2.3.12 and newer

Weakness classification (CWE)

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

secalert@redhat.com (exploit, x_refsource_EXPLOIT-DB)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (vdb-entry, x_refsource_SECTRACK)
secalert@redhat.com (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2017-7478?: CVE-2017-7478 is a high-severity vulnerability in Openvpn, classified under Reachable Assertion. CVSS score: 7.5/10. Published 2017-05-15.
How severe is CVE-2017-7478?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2017-7478 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.