Openvpn : Security Vulnerabilities, CVEs, (Memory corruption)
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
Max CVSS
9.8
EPSS Score
0.52%
Published
2023-11-11
Updated
2023-11-29
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.
Max CVSS
7.8
EPSS Score
0.04%
Published
2018-05-01
Updated
2018-06-13
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.
Max CVSS
9.8
EPSS Score
0.71%
Published
2017-10-04
Updated
2022-05-12
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
Max CVSS
5.9
EPSS Score
1.20%
Published
2017-06-27
Updated
2019-10-03
OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.
Max CVSS
5.0
EPSS Score
9.33%
Published
2005-11-02
Updated
2020-05-12
5 vulnerabilities found