CVE-2024-28882
July 8, 2024, 10:15 p.m.
Tags
Product(s) Impacted
OpenVPN
- 2.6.10
- earlier
Description
OpenVPN 2.6.10 and earlier in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session
Weaknesses
CWE-772
Missing Release of Resource after Effective Lifetime
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
CWE ID: 772Date
Published: July 8, 2024, 10:15 p.m.
Last Modified: July 8, 2024, 10:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
security@openvpn.net
References
https://community.openvpn.net/
security@openvpn.net
https://www.mail-archive.com/
security@openvpn.net