vulnerability
FreeBSD: VID-142c538e-b18f-40a1-afac-c479effadd5c (CVE-2024-5594): openvpn -- two security fixes
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:N/C:C/I:C/A:N) | Jun 20, 2024 | Dec 10, 2025 | Dec 10, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:N)
Published
Jun 20, 2024
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
Gert Doering reports that OpenVPN 2.6.11 fixes two security bugs (three on Windows): CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load. (Reynir Björnsson) CVE-2024-28882: only call schedule_exit() once (on a given peer). Security scope: an authenticated client can make the server "keep the session" even when the server has been told to disconnect this client. (Reynir Björnsson)
Solution
freebsd-upgrade-package-openvpn
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.