Multiple Exit Notifications in OpenVPN Server Role
CVE-2024-28882

Currently unrated

Key Information:

Vendor: Openvpn
Status: Openvpn
Vendor: CVE Published:; 8 July 2024

Summary

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session

Affected Version(s)

OpenVPN 2.6.0 <= 2.6.10

References

https://community.openvpn.net/openvpn/wiki/CVE-2024-28882

https://www.mail-archive.com/[email protected]...

Timeline

Vulnerability published
Jul 8, 2024