CVE-2024-28882

Опубликовано: 08 июл. 2024

Источник: debian

Описание

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
openvpn	fixed	2.6.11-1		package
openvpn	fixed	2.6.3-1+deb12u3	bookworm	package
openvpn	not-affected		bullseye	package

Примечания

Introduced by: https://github.com/OpenVPN/openvpn/commit/d468dff7bdfd79059818c190ddf41b125bb658de (v2.6_beta1)
Fixed by: https://github.com/OpenVPN/openvpn/commit/65fb67cd6c320a426567b2922c4282fb8738ba3f (v2.6.11)

Связанные уязвимости

CVE-2024-28882

CVSS3: 4.3

ubuntu

12 месяцев назад

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session

CVE-2024-28882

CVSS3: 4.3

nvd

12 месяцев назад

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session

SUSE-SU-2024:3532-1

suse-cvrf

9 месяцев назад

Security update for openvpn

SUSE-SU-2024:3502-1

suse-cvrf

9 месяцев назад

Security update for openvpn

ROS-20240816-06

CVSS3: 4.3

redos

10 месяцев назад

Уязвимость openvpn