CVE-2018-9336

CWE-4155 documents5 sources

Severity

7.8HIGH

EPSS

0.1%

top 75.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openvpn Openvpn Slackware Slackware Linux

Timeline

PublishedMay 1

Latest updateMay 14

Description

openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDopenvpn/openvpn2.4.0 — 2.4.6

▶Alpineopenvpn< 2.4.6-r0+13

▶NVDslackware/slackware_linux5 versions+4

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-9p34-3252-9gh9: openvpnserv↗2022-05-14

▶

OSV

CVE-2018-9336: openvpnserv↗2018-05-01

▶

CVEList

CVE-2018-9336: openvpnserv↗2018-05-01

▶

📋Vendor Advisories

Debian

CVE-2018-9336: openvpn - openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4...↗2018

▶