Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HOpenvpn
APPOpenvpn2.6.132.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
VPN
CWE
Related vulnerabilities
CVE-2024-5594CRITICAL9.1PL ✓ten sam produkt
OpenVPN: Wstrzyknięcie danych przez nieoczyszczone wiadomości PUSH_REPLY
CVE-2024-27903CRITICAL9.8PL ✓ten sam produkt
OpenVPN dla Windows — ładowanie wtyczek z dowolnego katalogu
CVE-2023-46850CRITICAL9.8ten sam produkt
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or rem...
CVE-2022-0547CRITICAL9.8ten sam produkt
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when...
CVE-2018-7544CRITICAL9.1ten sam produkt
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When thi...