CVE-2024-5594 Information

Description

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins.

Reference

https://community.openvpn.net/openvpn/wiki/CVE-2024-5594 https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html