Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-28820

June 27, 2024, 5:11 p.m.

Product(s) Impacted

openvpn-auth-ldap

  • 2.0.4

Description

Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this field and cause a buffer overflow.

Weaknesses

Date

Published: June 27, 2024, 4:15 p.m.

Last Modified: June 27, 2024, 5:11 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cve@mitre.org

References