Vulnerability Details CVE-2024-5594
OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.2%
CVSS Severity
CVSS v3 Score 9.1
References
Products affected by CVE-2024-5594
-
cpe:2.3:a:openvpn:openvpn:2.6.0
-
cpe:2.3:a:openvpn:openvpn:2.6.1
-
cpe:2.3:a:openvpn:openvpn:2.6.10
-
cpe:2.3:a:openvpn:openvpn:2.6.2
-
cpe:2.3:a:openvpn:openvpn:2.6.3
-
cpe:2.3:a:openvpn:openvpn:2.6.4
-
cpe:2.3:a:openvpn:openvpn:2.6.5
-
cpe:2.3:a:openvpn:openvpn:2.6.6
-
cpe:2.3:a:openvpn:openvpn:2.6.7
-
cpe:2.3:a:openvpn:openvpn:2.6.8
-
cpe:2.3:a:openvpn:openvpn:2.6.9