vulnerability
OpenVPN stack overflow (CVE-2024-27459)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | Jul 8, 2024 | Dec 12, 2024 | Dec 12, 2024 |
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Jul 8, 2024
Added
Dec 12, 2024
Modified
Dec 12, 2024
Description
The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.
Solution
openvpn-openvpn-upgrade-latest
References
- CVE-2024-27459
- https://attackerkb.com/topics/CVE-2024-27459
- URL-https://community.openvpn.net/openvpn/wiki/CVE-2024-27459
- URL-https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
- URL-https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.