{"id":"CVE-2017-7522","details":"OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.","modified":"2026-04-11T12:01:53.603256Z","published":"2017-06-27T13:29:00.273Z","related":["openSUSE-SU-2024:11128-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"2.4.0-alpha2"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:openvpn:openvpn:2.4.0:alpha2:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"2.4.0-beta1"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:openvpn:openvpn:2.4.0:beta1:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"2.4.0-beta2"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:openvpn:openvpn:2.4.0:beta2:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"2.4.0-rc1"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:openvpn:openvpn:2.4.0:rc1:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"2.4.0-rc2"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:openvpn:openvpn:2.4.0:rc2:*:*:*:*:*:*"}]},"references":[{"type":"WEB","url":"http://www.securitytracker.com/id/1038768"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/99230"},{"type":"ADVISORY","url":"https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openvpn/openvpn","events":[{"introduced":"0"},{"last_affected":"d044e188fb5669fed380c14473ef1045c88f9e80"},{"last_affected":"307abe7b32e951ece58c7964b3fa72536aee6724"},{"last_affected":"bb9d4c91c95f245dea87735e4e05661e04931b33"},{"last_affected":"85161685f42f2d8c69604e0825e75fe1287e57bd"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"2.3.16"},{"last_affected":"2.4.0"},{"last_affected":"2.4.1"},{"last_affected":"2.4.2"}],"source":"CPE_FIELD","cpe":["cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*","cpe:2.3:a:openvpn:openvpn:2.4.0:*:*:*:*:*:*:*","cpe:2.3:a:openvpn:openvpn:2.4.1:*:*:*:*:*:*:*","cpe:2.3:a:openvpn:openvpn:2.4.2:*:*:*:*:*:*:*"]}}],"versions":["contains","v2.1.0","v2.1.1","v2.1.2","v2.1.3","v2.1_rc1","v2.1_rc10","v2.1_rc11","v2.1_rc12","v2.1_rc13","v2.1_rc14","v2.1_rc15","v2.1_rc16","v2.1_rc17","v2.1_rc18","v2.1_rc19","v2.1_rc2","v2.1_rc20","v2.1_rc21","v2.1_rc22","v2.1_rc3","v2.1_rc4","v2.1_rc5","v2.1_rc6","v2.1_rc7","v2.1_rc8","v2.1_rc9","v2.2-RC","v2.2-RC2","v2.2-beta4","v2.2-beta5","v2.3-alpha1","v2.3.0","v2.3.1","v2.3.10","v2.3.11","v2.3.12","v2.3.13","v2.3.14","v2.3.15","v2.3.16","v2.3.2","v2.3.3","v2.3.4","v2.3.5","v2.3.6","v2.3.7","v2.3.8","v2.3.9","v2.3_alpha2","v2.3_alpha3","v2.3_beta1","v2.3_rc1","v2.3_rc2","v2.4.0","v2.4.1","v2.4.2","v2.4_alpha1","v2.4_alpha2","v2.4_beta1","v2.4_beta2","v2.4_rc1","v2.4_rc2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7522.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}