OpenVPN 2.4.0 Release Candidate 2
Approved changes feed: RSS · Atom
cpe:2.3:a:openvpn:openvpn:2.4.0:rc2:*:*:*:*:*:*
part: a version: 2.4.0 update: rc2
| Vendor | Openvpn (69250643-f594-58ab-9395-086994cbe5f3) |
|---|---|
| Product | Openvpn (cff78dd9-2909-5405-93d7-f62ace8a52df) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/openvpn |
purl2cpe | 2026-06-01 10:12:11.053018 |
pkg:deb/ubuntu/openvpn |
purl2cpe | 2026-06-01 10:12:11.053019 |
pkg:github/openvpn/openvpn |
purl2cpe | 2026-06-01 10:12:11.053021 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2017-7522 |
vulnerable | 2026-06-03 14:37:32.351652 |
Details available
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
Published: 2017-06-27T13:00:00.000Z
Updated: 2024-08-05T16:04:11.857Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-7521 |
vulnerable | 2026-06-03 14:37:32.351147 |
Details available
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
Published: 2017-06-27T13:00:00.000Z
Updated: 2024-08-05T16:04:11.856Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-7520 |
vulnerable | 2026-06-03 14:37:32.350605 |
Details available
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.
Published: 2017-06-27T13:00:00.000Z
Updated: 2024-08-05T16:04:11.764Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-7508 |
vulnerable | 2026-06-03 14:37:32.282291 |
Details available
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.
Published: 2017-06-27T13:00:00.000Z
Updated: 2024-08-05T16:04:11.917Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-7479 |
vulnerable | 2026-06-03 14:37:32.049737 |
Details available
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
Published: 2017-05-15T18:00:00.000Z
Updated: 2024-08-05T16:04:11.543Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-7478 |
vulnerable | 2026-06-03 14:37:32.047617 |
Details available
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
Published: 2017-05-15T18:00:00.000Z
Updated: 2024-08-05T16:04:11.580Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.