DEBIAN-CVE-2017-7478

DEBIAN-CVE-2017-7478 PUBLISHED CVSS 7.5 HIGH

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:14	openvpn	0, 0, 0
Debian:13	openvpn	0, 0, 0
Debian:12	openvpn	0, 0, 0
Debian:11	openvpn	0, 0, 0

Timeline

May 15, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2017-7478 advisory

Open in Interactive Console →