CVE-2024-5594

Опубликовано: 06 янв. 2025

Источник: debian

EPSS Низкий

Описание

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
openvpn	fixed	2.6.11-1		package
openvpn	fixed	2.6.3-1+deb12u3	bookworm	package

Примечания

https://github.com/OpenVPN/openvpn/commit/90e7a858e5594d9a019ad2b4ac6154124986291a (v2.6.11)

EPSS

Процентиль: 31%

0.00113

Низкий

Связанные уязвимости

CVE-2024-5594

CVSS3: 9.1

ubuntu

5 месяцев назад

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.

CVE-2024-5594

CVSS3: 9.1

nvd

5 месяцев назад

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.

SUSE-SU-2025:1131-1

suse-cvrf

3 месяца назад

Security update for openvpn

SUSE-SU-2025:1053-2

suse-cvrf

3 месяца назад

Security update for openvpn

SUSE-SU-2025:1053-1

suse-cvrf

3 месяца назад

Security update for openvpn

EPSS

Процентиль: 31%

0.00113

Низкий