Описание
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.
Ссылки
- Third Party AdvisoryVDB EntryURL Repurposed
- Third Party AdvisoryVDB EntryURL Repurposed
- PatchVendor Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB EntryURL Repurposed
- Third Party AdvisoryVDB EntryURL Repurposed
- PatchVendor Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.3.18 (исключая)Версия от 2.4.0 (включая) до 2.4.4 (исключая)
Одно из
cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*
cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.05144
Низкий
9.8 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-787
Связанные уязвимости
CVSS3: 9.8
ubuntu
почти 8 лет назад
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.
CVSS3: 9.8
debian
почти 8 лет назад
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to ...
EPSS
Процентиль: 89%
0.05144
Низкий
9.8 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-787