NULL Pointer Dereference Vulnerability in OpenVPN Driver for Windows
CVE-2024-5198

3.3LOW

Key Information:

Vendor: Openvpn
Status: Ovpn-dco; Openvpn-gui
Vendor: CVE Published:; 15 January 2025

Summary

The OpenVPN ovpn-dco driver for Windows version 1.1.1 is susceptible to a vulnerability that allows a local, unprivileged attacker to send malformed I/O control messages. This can lead to a NULL pointer dereference within the driver, which may cause the system to halt unexpectedly, disrupting services and potentially leading to further exploitation.

Affected Version(s)

OpenVPN-GUI Windows 2.6.10-I002

ovpn-dco Windows 1.1.1

References

https://community.openvpn.net/openvpn/wiki/CVE-2024-5198

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2025
Vulnerability Reserved
May 22, 2024