OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NOpenvpn
APPOpenvpn2.6.0 – 2.6.11 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
VPN
CWE
Related vulnerabilities
CVE-2025-12106CRITICAL9.1PL ✓ten sam produkt
OpenVPN: heap buffer over-read przy parsowaniu adresów IP
CVE-2024-27903CRITICAL9.8PL ✓ten sam produkt
OpenVPN dla Windows — ładowanie wtyczek z dowolnego katalogu
CVE-2023-46850CRITICAL9.8ten sam produkt
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or rem...
CVE-2022-0547CRITICAL9.8ten sam produkt
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when...
CVE-2018-7544CRITICAL9.1ten sam produkt
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When thi...