Vulnerabilities > CVE-2024-27459 - Out-of-bounds Write vulnerability in Openvpn
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://community.openvpn.net/openvpn/wiki/CVE-2024-27459
- https://community.openvpn.net/openvpn/wiki/CVE-2024-27459
- https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
- https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
- https://www.mail-archive.com/[email protected]/msg07534.html
- https://www.mail-archive.com/[email protected]/msg07534.html