The most critical vulnerability, CVE-2017-7521, affects OpenVPN server side and could allow an authenticated hacker to run code on a compromised box. Three of the four vulnerabilities were server-side with the other two causing servers to crash. The client-side bug allows an attacker to steal a password to gain access to the proxy. The vulnerabilities were not turned up in either audit, which were a combination of manual source code reviews and automated scanning; researcher Guido Vranken said he exclusively used a fuzzer to find these bugs.
Source: https://threatpost.com/openvpn-patches-critical-remote-code-execution-vulnerability/126425/