CVE-2017-7521

MEDIUM

OpenVPN <2.4.3, <2.3.17 - DoS

Title source: llm

Description

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().

References (4)

Scores

CVSS v3 5.9
EPSS 0.0045
EPSS Percentile 63.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE
CWE-772 CWE-415 CWE-400
Status draft

Affected Products (9)

openvpn/openvpn < 2.3.16
openvpn/openvpn
openvpn/openvpn
openvpn/openvpn
openvpn/openvpn
openvpn/openvpn
openvpn/openvpn
openvpn/openvpn
openvpn/openvpn

Timeline

Published Jun 27, 2017
Tracked Since Feb 18, 2026