exploitDog

GHSA-f2h8-4w6p-535w

Published: 06 Jan 2025
Source: github
GitHub: Not reviewed
CVSS3: 9.1

Description

OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly, which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins.

EPSS

Percentile: 31%
0.00113
Low

9.1 Critical

CVSS3

Weaknesses

CWE-1287

Related vulnerabilities

CVSS3: 9.1
ubuntu
5 months ago

OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly, which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.

CVSS3: 9.1
nvd
5 months ago

OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly, which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.

CVSS3: 9.1
debian
5 months ago

OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly wh ...

suse-cvrf
3 months ago

Security update for openvpn

suse-cvrf
3 months ago

Security update for openvpn
