CVE-2024-5594

Опубликовано: 06 янв. 2025

Источник: debian

Описание

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
openvpn	fixed	2.6.11-1		package
openvpn	fixed	2.6.3-1+deb12u3	bookworm	package

Примечания

https://github.com/OpenVPN/openvpn/commit/90e7a858e5594d9a019ad2b4ac6154124986291a (v2.6.11)
https://github.com/OpenVPN/openvpn/commit/d4921ba22f5ae4537d808986743a228617c86328 (v2.5.11)
Regression issue: https://github.com/OpenVPN/openvpn/issues/568
Regression fix: https://github.com/OpenVPN/openvpn/commit/343573990135023d855d151fcd9248e5c26d9f8b (v2.6.12)
Regression fix: https://github.com/OpenVPN/openvpn/commit/dddb87f126a6e87e61de830a9efe0bc257a71e2b (v2.5.11)

Связанные уязвимости

CVE-2024-5594

CVSS3: 9.1

ubuntu

10 месяцев назад

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.

CVE-2024-5594

CVSS3: 9.1

nvd

10 месяцев назад

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.

SUSE-SU-2025:1131-1

suse-cvrf

7 месяцев назад

Security update for openvpn

SUSE-SU-2025:1053-2

suse-cvrf

7 месяцев назад

Security update for openvpn

SUSE-SU-2025:1053-1

suse-cvrf

7 месяцев назад

Security update for openvpn