Description
OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly, which an attacker controlling the server can use to inject unexpected arbitrary data that ends up in client logs.
Release | Status | Note |
---|---|---|
devel | released | 2.6.11-1ubuntu1 |
esm-infra-legacy/trusty | released | 2.3.2-7ubuntu3.2+esm2 |
esm-infra/bionic | released | 2.4.4-2ubuntu1.7+esm1 |
esm-infra/focal | not-affected | 2.4.12-0ubuntu0.20.04.2 |
esm-infra/xenial | released | 2.3.10-1ubuntu2.2+esm2 |
focal | released | 2.4.12-0ubuntu0.20.04.2 |
jammy | released | 2.5.9-0ubuntu0.22.04.3 |
mantic | released | 2.6.5-0ubuntu1.2 |
noble | released | 2.6.9-1ubuntu4.1 |
oracular | released | 2.6.11-1ubuntu1 |
EPSS: 0.00113 (Low), percentile: 31%
CVSS3: 9.1 Critical
Related vulnerabilities
CVSS3: 9.1
nvd
5 months ago
OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly, which an attacker controlling the server can use to inject unexpected arbitrary data that ends up in client logs.
CVSS3: 9.1
debian
5 months ago
OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly wh ...