CVE-2017-7522 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 67%

Affected Products (NVD)

Vendor	Product	Version
openvpn	openvpn	𝑥 ≤ 2.3.16
openvpn	openvpn	2.4.0
openvpn	openvpn	2.4.0:alpha2
openvpn	openvpn	2.4.0:beta1
openvpn	openvpn	2.4.0:beta2
openvpn	openvpn	2.4.0:rc1
openvpn	openvpn	2.4.0:rc2
openvpn	openvpn	2.4.1
openvpn	openvpn	2.4.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openvpn

bookworm	2.6.3-1+deb12u2 fixed
bookworm (security)	2.6.3-1+deb12u2 fixed
bullseye	2.5.1-3 fixed
jessie	not-affected
sid	2.6.12-1 fixed
trixie	2.6.12-1 fixed
wheezy	not-affected

Ubuntu Releases

Ubuntu Product

Codename

openvpn

trusty	not-affected
xenial	not-affected
yakkety	not-affected
zesty	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

openvpn

suse enterprise desktop 15	2.4.3-3.39 fixed
suse enterprise desktop 15 SP1	2.4.3-5.3.19 fixed
suse enterprise desktop 15 SP2	2.4.3-5.3.19 fixed
suse enterprise desktop 15 SP3	2.4.3-5.3.19 fixed
suse enterprise desktop 15 SP4	2.5.5-150400.1.5 fixed
suse enterprise desktop 15 SP5	2.5.6-150400.3.6.1 fixed
suse enterprise desktop 15 SP6	2.6.8-150600.1.5 fixed
suse enterprise desktop 15 SP7	2.6.8-150600.3.14.1 fixed
suse enterprise sap 15	2.4.3-3.39 fixed
suse enterprise sap 15 SP1	2.4.3-5.3.19 fixed
suse enterprise sap 15 SP2	2.4.3-5.3.19 fixed
suse enterprise sap 15 SP3	2.4.3-5.3.19 fixed
suse enterprise sap 15 SP4	2.5.5-150400.1.5 fixed
suse enterprise sap 15 SP5	2.5.6-150400.3.6.1 fixed
suse enterprise sap 15 SP6	2.6.8-150600.1.5 fixed
suse enterprise sap 15 SP7	2.6.8-150600.3.14.1 fixed
suse enterprise server 15	2.4.3-3.39 fixed
suse enterprise server 15 SP1	2.4.3-5.3.19 fixed
suse enterprise server 15 SP2	2.4.3-5.3.19 fixed
suse enterprise server 15 SP3	2.4.3-5.3.19 fixed
suse enterprise server 15 SP4	2.5.5-150400.1.5 fixed
suse enterprise server 15 SP5	2.5.6-150400.3.6.1 fixed
suse enterprise server 15 SP6	2.6.8-150600.1.5 fixed
suse enterprise server 15 SP7	2.6.8-150600.3.14.1 fixed

openvpn-auth-pam-plugin

suse enterprise desktop 15	2.4.3-3.39 fixed
suse enterprise desktop 15 SP1	2.4.3-5.3.19 fixed
suse enterprise desktop 15 SP2	2.4.3-5.3.19 fixed
suse enterprise desktop 15 SP3	2.4.3-5.3.19 fixed
suse enterprise desktop 15 SP4	2.5.5-150400.1.5 fixed
suse enterprise desktop 15 SP5	2.5.6-150400.3.6.1 fixed
suse enterprise desktop 15 SP6	2.6.8-150600.1.5 fixed
suse enterprise desktop 15 SP7	2.6.8-150600.3.14.1 fixed
suse enterprise sap 15	2.4.3-3.39 fixed
suse enterprise sap 15 SP1	2.4.3-5.3.19 fixed
suse enterprise sap 15 SP2	2.4.3-5.3.19 fixed
suse enterprise sap 15 SP3	2.4.3-5.3.19 fixed
suse enterprise sap 15 SP4	2.5.5-150400.1.5 fixed
suse enterprise sap 15 SP5	2.5.6-150400.3.6.1 fixed
suse enterprise sap 15 SP6	2.6.8-150600.1.5 fixed
suse enterprise sap 15 SP7	2.6.8-150600.3.14.1 fixed
suse enterprise server 15	2.4.3-3.39 fixed
suse enterprise server 15 SP1	2.4.3-5.3.19 fixed
suse enterprise server 15 SP2	2.4.3-5.3.19 fixed
suse enterprise server 15 SP3	2.4.3-5.3.19 fixed
suse enterprise server 15 SP4	2.5.5-150400.1.5 fixed
suse enterprise server 15 SP5	2.5.6-150400.3.6.1 fixed
suse enterprise server 15 SP6	2.6.8-150600.1.5 fixed
suse enterprise server 15 SP7	2.6.8-150600.3.14.1 fixed

openvpn-dco

suse enterprise desktop 15 SP7	2.6.8-150600.3.14.1 fixed
suse enterprise sap 15 SP7	2.6.8-150600.3.14.1 fixed
suse enterprise server 15 SP7	2.6.8-150600.3.14.1 fixed

openvpn-dco-devel

suse enterprise desktop 15 SP7	2.6.8-150600.3.14.1 fixed
suse enterprise sap 15 SP7	2.6.8-150600.3.14.1 fixed
suse enterprise server 15 SP7	2.6.8-150600.3.14.1 fixed

openvpn-devel

suse enterprise desktop 15	2.4.3-3.39 fixed
suse enterprise desktop 15 SP1	2.4.3-5.3.19 fixed
suse enterprise desktop 15 SP2	2.4.3-5.3.19 fixed
suse enterprise desktop 15 SP3	2.4.3-5.3.19 fixed
suse enterprise desktop 15 SP4	2.5.5-150400.1.5 fixed
suse enterprise desktop 15 SP5	2.5.6-150400.3.6.1 fixed
suse enterprise desktop 15 SP6	2.6.8-150600.1.5 fixed
suse enterprise desktop 15 SP7	2.6.8-150600.3.14.1 fixed
suse enterprise sap 15	2.4.3-3.39 fixed
suse enterprise sap 15 SP1	2.4.3-5.3.19 fixed
suse enterprise sap 15 SP2	2.4.3-5.3.19 fixed
suse enterprise sap 15 SP3	2.4.3-5.3.19 fixed
suse enterprise sap 15 SP4	2.5.5-150400.1.5 fixed
suse enterprise sap 15 SP5	2.5.6-150400.3.6.1 fixed
suse enterprise sap 15 SP6	2.6.8-150600.1.5 fixed
suse enterprise sap 15 SP7	2.6.8-150600.3.14.1 fixed
suse enterprise server 15	2.4.3-3.39 fixed
suse enterprise server 15 SP1	2.4.3-5.3.19 fixed
suse enterprise server 15 SP2	2.4.3-5.3.19 fixed
suse enterprise server 15 SP3	2.4.3-5.3.19 fixed
suse enterprise server 15 SP4	2.5.5-150400.1.5 fixed
suse enterprise server 15 SP5	2.5.6-150400.3.6.1 fixed
suse enterprise server 15 SP6	2.6.8-150600.1.5 fixed
suse enterprise server 15 SP7	2.6.8-150600.3.14.1 fixed

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

http://www.securityfocus.com/bid/99230

http://www.securitytracker.com/id/1038768

https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243

http://www.securityfocus.com/bid/99230

http://www.securitytracker.com/id/1038768

https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243