ALPINE-CVE-2017-7478

ALPINE-CVE-2017-7478 PUBLISHED CVSS 7.5 HIGH

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.6	openvpn	2.0.9-r1, 2.0.9-r2, 2.1.1-r1
Alpine:v3.5	openvpn	0, 2.0.9-r0, 2.0.9-r1

Timeline

May 15, 2017 CVE Published
Nov 19, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2017-7478 advisory

Open in Interactive Console →