Memory Buffer Overflow Vulnerability in tap-windows6 Driver
CVE-2024-1305

Currently unrated

Key Information:

Vendor: Openvpn
Status: Tap-windows6; Openvpn-gui
Vendor: CVE Published:; 8 July 2024

Summary

tap-windows6 driver version 9.26 and earlier does not properly check the size data of incomming write operations which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code execution in kernel space

Affected Version(s)

OpenVPN-GUI Windows 2.6.9 and earlier

tap-windows6 Windows 9.26 or earlier

References

https://community.openvpn.net/openvpn/wiki/CVE-2024-1305

https://www.mail-archive.com/[email protected]...

Timeline

Vulnerability published
Jul 8, 2024