PT-2018-18991 · Openvpn+2 · Openvpn+2

Jacob Baines

Publicado

2018-05-01

Atualizado

2024-06-15

CVE-2018-9336

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenVPN versions 2.4.0 through 2.4.5

Description The issue allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service, potentially leading to a denial-of-service through memory corruption or possibly having unspecified other impact, including privilege escalation.

Recommendations For OpenVPN versions 2.4.0 through 2.4.5, update to version 2.4.6 or later to resolve the issue.

Exploit

Correção

DoS

Double Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-415

Identificadores relacionados

ALT-PU-2018-1644

CVE-2018-9336

MGASA-2018-0329

OPENSUSE-SU-2018_1912-1

OPENSUSE-SU-2024:11128-1

SUSE-SU-2018:1888-1

SUSE-SU-2018_1888-1

Produtos afetados

Alt Linux

Openvpn

Suse

PT-2018-18991 · Openvpn+2 · Openvpn+2

CVE-2018-9336

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 36