| | 1 | = CVE-2023-6247: PKCS!#7 parser can result in NULL-dereference |
| | 2 | |
| | 3 | The PKCS!#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing. |
| | 4 | |
| | 5 | This is resolved in OpenVPN 3 Core Library version 3.8.4. |
| | 6 | |
| | 7 | === Note |
| | 8 | |
| | 9 | The code paths this issue is related to is never used for OpenVPN connections. The related code is only used in some of the AWS API support functionality present in the library. |
| | 10 | |
| | 11 | === References |
| | 12 | |
| | 13 | MITRE CVE Record: https://www.cve.org/CVERecord?id=CVE-2023-6247 |
| | 14 | OpenVPN 3 Core commit: https://github.com/OpenVPN/openvpn3/commit/afdfe1bb3f4c54e8794 |
| | 15 | Reported by: Bahaa Naamneh |
