CVE-2017-7478
7.5 HIGH (CVSS 3.1), EPSS 4.6%
Description
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
How to fix CVE-2017-7478
To remediate CVE-2017-7478, upgrade the affected package to a fixed version below.
- Alpine/openvpn: upgrade to 2.3.15-r0 or later
- Debian/openvpn: upgrade to 2.4.0-5 or later
Is CVE-2017-7478 being exploited?
Low — EPSS is 4.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Alpine/openvpn: from 0, < 2.3.15-r0
- Debian/openvpn: from 0, < 2.4.0-5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.5) | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |