CVE-2017-12166: Buffer Overflow
First published: Wed Oct 04 2017(Updated: )
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenVPN Monitor | <2.3.18 | |
| OpenVPN Monitor | >=2.4.0<2.4.4 | |
| Debian | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-12166?
CVE-2017-12166 is classified as a high severity vulnerability due to the potential for code execution resulting from a buffer overflow.
How do I fix CVE-2017-12166?
To mitigate CVE-2017-12166, upgrade OpenVPN to version 2.3.3 or later, or 2.4.4 or later.
What versions are affected by CVE-2017-12166?
CVE-2017-12166 affects OpenVPN versions prior to 2.3.3 and versions in the 2.4.x range before 2.4.4.
What causes CVE-2017-12166?
CVE-2017-12166 is caused by a buffer overflow vulnerability that occurs when using key-method 1 in OpenVPN.
Is CVE-2017-12166 exploitable remotely?
Yes, CVE-2017-12166 can be exploited remotely, allowing an attacker to execute arbitrary code.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/openvpn
- canonical/openvpn monitor
- version/openvpn monitor/2.4.0
- vendor/debian
- canonical/debian
- version/debian/9.0