CVE-2024-5198

Name of the Vulnerable Software and Affected Versions OpenVPN ovpn-dco for Windows version 1.1.1

Description The issue allows an unprivileged local attacker to send I/O control messages with invalid data to the driver, resulting in a NULL pointer dereference that leads to a system halt. This can be exploited by an attacker to cause a denial-of-service condition.

Recommendations For OpenVPN ovpn-dco for Windows version 1.1.1, consider disabling the driver until a patch is available to prevent exploitation. Restrict access to the driver to minimize the risk of sending invalid I/O control messages. Avoid using the driver for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.