CVE-2024-28820

June 27, 2024, 5:11 p.m.

None
No Score

Description

Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this field and cause a buffer overflow.

Product(s) Impacted

Product Versions
openvpn-auth-ldap
  • ['2.0.4']

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://github.com/threerings/openvpn-auth-ldap/pull/92
https://github.com/threerings/openvpn-auth-ldap/tags

Tags

cve@mitre.org
2024-06-27
CVE-2024-28820

Timeline

Published: June 27, 2024, 4:15 p.m.
Last Modified: June 27, 2024, 5:11 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.