CVE-2024-5198

Summary

OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt.

Affected Software

VendorProductVersion RangeStatus
OpenVPNovpn-dco1.1.1affected
OpenVPNOpenVPN-GUI2.6.10-I002affected

Weaknesses

  • CWE-476: NULL Pointer Dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References