CVE-2017-7478
HIGH7.5EPSS 4.6%Published: 5/15/2017Modified: 11/19/2025
Also known as:ALPINE-CVE-2017-7478DEBIAN-CVE-2017-7478
Description
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
Affected packages (2)
- Alpine/openvpnfrom 0, < 2.3.15-r0
- Debian/openvpnfrom 0, < 2.4.0-5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |