PT-2025-26282 · Openvpn · Openvpn
Published: 2025-06-17 · Updated: 2025-07-20 · CVE-2025-50054
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
OpenVPN ovpn-dco-win versions 1.3.0 and earlier
OpenVPN ovpn-dco-win versions 2.5.8 and earlier
Description
The issue allows a local user process to send an oversized control message buffer to the kernel driver, resulting in a system crash. This occurs due to a buffer overflow in the affected OpenVPN versions.
Recommendations
For OpenVPN ovpn-dco-win versions 1.3.0 and earlier, update to a version later than 1.3.0 to resolve the issue.
For OpenVPN ovpn-dco-win versions 2.5.8 and earlier, update to a version later than 2.5.8 to resolve the issue.
As a temporary workaround, consider restricting the size of control message buffers sent to the kernel driver to prevent system crashes.
Fix
DoS
Memory Corruption
Heap Based Buffer Overflow
Buffer Overflow
Related Identifiers
Affected Products
Openvpn