An out-of-bounds write vulnerability was found due to incorrect bounds check in read_key() which was performed after using the value, instead of before. This vulnerability is only exposed when explicitly selecting key-method 1 in the config (or on the command line). This allowed an attacker to send a malformed packet to trigger a stack buffer overflow.
Name: the OpenVPN project
Upstream: Guido Vranken
Created openvpn tracking bugs for this issue:
Affects: epel-all [bug 1497110]
Affects: fedora-all [bug 1497111]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.