wiki:CVE-2023-6247

CVE-2023-6247: PKCS#7 parser in OpenVPN 3 Core Library can result in NULL-dereference

The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing.

This is resolved in OpenVPN 3 Core Library version 3.8.4.

Note

The code paths this issue is related to is never used for OpenVPN connections. The related code is only used in some of the AWS API support functionality present in the library.

References

Last modified 9 months ago Last modified on 03/18/24 17:57:19