Описание
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.
Ссылки
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.568761Mailing ListThird Party Advisory
- Release NotesVendor Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.568761Mailing ListThird Party Advisory
- Release NotesVendor Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
Связанные уязвимости
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x ...
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.
EPSS
7.8 High
CVSS3
4.6 Medium
CVSS2