wiki:CVE-2023-6247

Version 1 (modified by David Sommerseth, 7 months ago)

CVE-2023-6247: PKCS#7 parser can result in NULL-dereference

The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing.

This is resolved in OpenVPN 3 Core Library version 3.8.4.

Note

The code paths this issue relates to are never used for OpenVPN connections. The related code is only used in some of the AWS API support functionality present in the library.

References

MITRE CVE Record: https://www.cve.org/CVERecord?id=CVE-2023-6247

OpenVPN 3 Core commit: https://github.com/OpenVPN/openvpn3/commit/afdfe1bb3f4c54e8794

Reported by: Bahaa Naamneh