CVE-2017-7478
HIGH7.5EPSS 4.6%Published: 5/15/2017Modified: 4/28/2026
Description
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
Affected packages (2)
- Alpine/openvpnfrom 0, < 2.3.15-r0
- Debian/openvpnfrom 0, < 2.4.0-5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |