What the vulnerability does

01Description

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

Key dates

02Disclosure timeline

May 15, 2017 CVE published
August 5, 2024 Record updated