CVE-2024-28820

June 27, 2024, 5:11 p.m.

Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

Products

openvpn-auth-ldap

  • 2.0.4

Source

cve@mitre.org

CVE-2024-28820 details

Published : June 27, 2024, 4:15 p.m.
Last Modified : June 27, 2024, 5:11 p.m.

Description

A buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers who have a valid LDAP username and can control the challenge/response password field to cause a buffer overflow by passing a string with more than 14 colons in that field.

This website uses the NVD API, but is not approved or certified by it.