- Description
- OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins.
- Source
- security@openvpn.net
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
- security@openvpn.net
- CWE-1287
- Hype score
- Not currently trending
#Vulnerability #CVE202428882 CVE-2024-5594 (CVSS 9.1): Critical Vulnerability in OpenVPN Enables Code Execution https://t.co/X3h1fLGiZa
@Komodosec
14 Jan 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-5594 impacts OpenVPN #CVE-2024-5594 #OpenVPN https://t.co/v6gnl3QlSg
@pravin_karthik
12 Jan 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
OpenVPNが重大(Critical)な脆弱性を修正。CVE-2024-5594はCVSSスコア9.1で、悪意あるピアがサードパーティー実行ファイルやプラグインに任意のデータを注入できることによるコード実行のおそれ。PUSH_REPLYメッセージの無害化不備に起因。その他の脆弱性も修正あり。 https://t.co/MN0OrFlmMu
@__kokumoto
9 Jan 2025
1828 Impressions
13 Retweets
42 Likes
6 Bookmarks
0 Replies
0 Quotes
CVE-2024-5594 01/06/2025 02:15:08 PM BaseSeverity: CRITICAL OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or ... https://t.co/9oc3eS4uMY
@CVETracker
7 Jan 2025
47 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-5594 OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins. https://t.co/gh0D3y2rB4
@CVEnew
6 Jan 2025
496 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes