Openvpn: Security Vulnerabilities
OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.
CVSS Score
9.1
EPSS Score
0.003
Published
2025-01-06
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session
CVSS Score
4.3
EPSS Score
0.003
Published
2024-07-08
tap-windows6 driver version 9.26 and earlier does not properly
check the size data of incomming write operations which an attacker can
use to overflow memory buffers, resulting in a bug check and potentially
arbitrary code execution in kernel space
CVSS Score
9.8
EPSS Score
0.083
Published
2024-07-08
The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.
CVSS Score
7.5
EPSS Score
0.111
Published
2024-07-08
The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.
CVSS Score
7.8
EPSS Score
0.054
Published
2024-07-08
OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.
CVSS Score
9.8
EPSS Score
0.07
Published
2024-07-08
The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing.
CVSS Score
6.5
EPSS Score
0.006
Published
2024-02-29
The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.
CVSS Score
8.4
EPSS Score
0.0
Published
2024-02-21
The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRON_RUN_AS_NODE environment variable
CVSS Score
7.8
EPSS Score
0.002
Published
2024-02-20
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable
CVSS Score
7.8
EPSS Score
0.001
Published
2024-01-08