VYPR
Medium severity6.5NVD Advisory· Published Jun 27, 2017· Updated Jun 17, 2026

CVE-2017-7522

CVE-2017-7522

Description

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.

Affected products

11
  • OpenVPN/OpenVPN10 versions
    cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*range: <=2.3.16
    • cpe:2.3:a:openvpn:openvpn:2.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:openvpn:openvpn:2.4.0:alpha2:*:*:*:*:*:*
    • cpe:2.3:a:openvpn:openvpn:2.4.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:openvpn:openvpn:2.4.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:openvpn:openvpn:2.4.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:openvpn:openvpn:2.4.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:openvpn:openvpn:2.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openvpn:openvpn:2.4.2:*:*:*:*:*:*:*
    • (no CPE)range: before 2.4.3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.