CVE-2024-27459

Summary

The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.

Affected Software

VendorProductVersion RangeStatus
OpenVPNOpenVPN GUI2.6.9 and earlieraffected

Weaknesses

  • CWE-121: Stack-based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References