CVE-2005-3393Use of Externally-Controlled Format String in Openvpn

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
1.6%
top 18.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
OpenvpnDebian OpenvpnOpenvpn Access Server
Timeline
PublishedNov 1
Latest updateMay 1

Description

Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

debiandebian/openvpn< openvpn 2.0.5-1 (bookworm)
Debianopenvpn/openvpn< 2.0.5-1+3
NVDopenvpn/openvpn2.0, 2.0_beta11+1
NVDopenvpn/openvpn_access_server2.0.1, 2.0.2+1

Patches

Patch: secunia.comPatch: www.securityfocus.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-26pq-368c-c8f2: Format string vulnerability in the foreign_option function in options2022-05-01
OSV
CVE-2005-3393: Format string vulnerability in the foreign_option function in options2005-11-01

📋Vendor Advisories

1
Debian
CVE-2005-3393: openvpn - Format string vulnerability in the foreign_option function in options.c for Open...2005
CVE-2005-3393 — Debian Openvpn vulnerability | cvebase