Name of the Vulnerable Software and Affected Versions OpenVPN versions prior to 2.3.9

Description The issue is related to an out of bounds read error in the resolve remote() function, located in the socket.c file. This error occurs when handling both IPv4 and IPv6 connections, as OpenVPN reads a struct sockaddr in6 but the data structure is smaller in the IPv4 case.

Recommendations For OpenVPN versions prior to 2.3.9, update to version 2.3.9 to fix this issue and several other bugs.