CRITICAL🇵🇱 Wersja polska

CVE-2025-12106

CVSS 9.1v3.1pub. 2025-12-01upd. 2025-12-30

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  • Openvpn

    APP
    Openvpn
    2.6.132.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
VPN
CWE
References

Related vulnerabilities

CVE-2024-5594CRITICAL9.1PL ✓ten sam produkt

OpenVPN: Wstrzyknięcie danych przez nieoczyszczone wiadomości PUSH_REPLY

CVE-2024-27903CRITICAL9.8PL ✓ten sam produkt

OpenVPN dla Windows — ładowanie wtyczek z dowolnego katalogu

CVE-2023-46850CRITICAL9.8ten sam produkt

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or rem...

CVE-2022-0547CRITICAL9.8ten sam produkt

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when...

CVE-2018-7544CRITICAL9.1ten sam produkt

A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When thi...