cbcvebase.
CVE-2005-3393
published 2005-11-01

CVE-2005-3393: Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string…

PriorityP337high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
3.48%
87.6th percentile
Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.

Affected

9 ranges
VendorProductVersion rangeFixed in
debianopenvpn< openvpn 2.0.5-1 (bookworm)openvpn 2.0.5-1 (bookworm)
openvpnopenvpn
openvpnopenvpn
openvpnopenvpn>= 0 < 2.0.5-12.0.5-1
openvpnopenvpn>= 0 < 2.0.5-12.0.5-1
openvpnopenvpn>= 0 < 2.0.5-12.0.5-1
openvpnopenvpn>= 0 < 2.0.5-12.0.5-1
openvpnopenvpn_access_server
openvpnopenvpn_access_server

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.