An out-of-bounds write vulnerability was found due to an incorrect bounds check in read_key(), which was performed after using the value instead of before. This vulnerability is only exposed when explicitly selecting key-method 1 in the config (or on the command line). This allowed an attacker to send a malformed packet to trigger a stack buffer overflow.

External References:
https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
Acknowledgments:
Name: the OpenVPN project
Upstream: Guido Vranken
Created openvpn tracking bugs for this issue:
Affects: epel-all [bug 1497110]
Affects: fedora-all [bug 1497111]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
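The ordering flaw described in the report above (a bounds check applied after the value has already been used) is illustrated below next to the corrected ordering. This is an added example, not OpenVPN's read_key() code: the wire format, `FIELD_MAX`, and all function names are hypothetical, and the packet in `main` is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FIELD_MAX 64  /* capacity of the fixed-size destination (constructed value) */

/* Hypothetical wire format: 2-byte big-endian length, then that many bytes. */
static int read_u16(const uint8_t *pkt, size_t pkt_len, size_t *len)
{
    if (pkt_len < 2)
        return -1;
    *len = ((size_t)pkt[0] << 8) | pkt[1];
    return 0;
}

/* Flawed ordering: the length drives the copy and is validated afterwards.
 * By the time the check fails, dst (FIELD_MAX bytes) has been overrun. */
int copy_field_late_check(uint8_t *dst, const uint8_t *pkt, size_t pkt_len)
{
    size_t len;
    if (read_u16(pkt, pkt_len, &len) < 0)
        return -1;
    memcpy(dst, pkt + 2, len);          /* use */
    if (len > FIELD_MAX)                /* check arrives too late */
        return -1;
    return (int)len;
}

/* Corrected ordering: validate against the destination capacity and the
 * bytes actually present in the packet, then copy. */
int copy_field_checked(uint8_t *dst, const uint8_t *pkt, size_t pkt_len)
{
    size_t len;
    if (read_u16(pkt, pkt_len, &len) < 0)
        return -1;
    if (len > FIELD_MAX || len > pkt_len - 2)
        return -1;
    memcpy(dst, pkt + 2, len);
    return (int)len;
}

int main(void)
{
    uint8_t dst[FIELD_MAX];
    /* Constructed packet: declares 200 bytes, more than dst can hold. */
    uint8_t big[2 + 200] = { 0x00, 0xC8 };
    return copy_field_checked(dst, big, sizeof big) == -1 ? 0 : 1;
}
```

Both functions return the same result on well-formed input, which is why this class of bug tends to survive functional testing and only shows up under malformed lengths.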