{"id":"CVE-2017-12166","details":"OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.","modified":"2026-04-16T06:18:26.966075678Z","published":"2017-10-04T01:29:02.090Z","related":["SUSE-SU-2017:2838-1","SUSE-SU-2017:2839-1","SUSE-SU-2017:3177-1","openSUSE-SU-2024:11128-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/101153"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039470"},{"type":"FIX","url":"https://community.openvpn.net/openvpn/wiki/CVE-2017-12166"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openvpn/openvpn","events":[{"introduced":"0"},{"fixed":"9779cef26e296bb7c94e336c0a1ea1f4da3276d9"},{"introduced":"307abe7b32e951ece58c7964b3fa72536aee6724"},{"fixed":"1f458322cdaffed02184df8c638bde69256a840a"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.3.18"},{"introduced":"2.4.0"},{"fixed":"2.4.4"}]}}],"versions":["contains","v2.1.0","v2.1.1","v2.1.2","v2.1.3","v2.1_rc1","v2.1_rc10","v2.1_rc11","v2.1_rc12","v2.1_rc13","v2.1_rc14","v2.1_rc15","v2.1_rc16","v2.1_rc17","v2.1_rc18","v2.1_rc19","v2.1_rc2","v2.1_rc20","v2.1_rc21","v2.1_rc22","v2.1_rc3","v2.1_rc4","v2.1_rc5","v2.1_rc6","v2.1_rc7","v2.1_rc8","v2.1_rc9","v2.2-RC","v2.2-RC2","v2.2-beta4","v2.2-beta5","v2.3-alpha1","v2.3.0","v2.3.1","v2.3.10","v2.3.11","v2.3.12","v2.3.13","v2.3.14","v2.3.15","v2.3.16","v2.3.17","v2.3.2","v2.3.3","v2.3.4","v2.3.5","v2.3.6","v2.3.7","v2.3.8","v2.3.9","v2.3_alpha2","v2.3_alpha3","v2.3_beta1","v2.3_rc1","v2.3_rc2","v2.4.0","v2.4.1","v2.4.2","v2.4.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12166.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}