CVE-2024-5594

Critical

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected…

OpenVPN·CWE-1287·Published 2025-01-06

CVSS

9.1

EPSS

0.01

KEV

Exploits

cve.orgen

178 chars

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.

NVDen

178 chars

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.

NVDes

199 chars

OpenVPN anterior a 2.6.11 no desinfecta adecuadamente los mensajes PUSH_REPLY, lo cual los atacantes pueden usar para inyectar datos arbitrarios inesperados en ejecutables o complementos de terceros.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.1	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
3.1	Primary	cve.org	9.1	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N