Public Date:
1463642: CVE-2017-7508 CVE-2017-7520 CVE-2017-7521 CVE-2017-7522 openvpn: Multiple security issues fixed in OpenVPN 2.4.3 and 2.3.17

The MITRE CVE dictionary describes this issue as:

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.

Find out more about CVE-2017-7520 from the MITRE CVE dictionary dictionary and NIST NVD.


This issue does not affect Red Hat Enterprise Linux 5, 6 and 7 as OpenVPN is not included in any of Red Hat's supported products.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 7.5
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact High


Red Hat would like to thank the OpenVPN project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.

External References

Last Modified

CVE description copyright © 2017, The MITRE Corporation