Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2017-7479 |
CWE-ID | CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | openvpn (Alpine package) (Operating systems & Components / Operating system package or component) |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU6545
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-7479
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to cause DoS conditions on the target system.
The weakness exists due to improper validation of user input. A remote attacker can cause the packet-IDs on the target server to be consumed, which triggers the server process to hit an ASSERT() and stop running.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
Vulnerable software versions
openvpn (Alpine package): 2.3.14-r0
External links
https://git.alpinelinux.org/aports/commit/?id=039751f5ad720c2660cf25b5d8c2e36579668098
https://git.alpinelinux.org/aports/commit/?id=854e970bd01adae0359b5e57829f40595a87b9fa
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.