PT-2024-14912 · Openvpn · Openvpn 3 Core Library
Published
2024-02-20
·
Updated
2025-08-21
·
CVE-2023-6247
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
OpenVPN 3 Core Library versions through 3.8.3
Description
The issue is related to the PKCS#7 parser in the OpenVPN 3 Core Library, which did not properly validate the parsed data. This would result in the application crashing.
Recommendations
For OpenVPN 3 Core Library versions through 3.8.3, update to a version later than 3.8.3 to resolve the issue.
At the moment, there is no information about other mitigation measures.
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openvpn 3 Core Library