CVE-2025-50054 — Heap-based Buffer Overflow in Ovpn-dco-win

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write2 documents2 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 77.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openvpn Ovpn-dco-win

Timeline

PublishedJun 20

Description

Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to the kernel driver resulting in a system crash

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5openvpn/ovpn-dco-win< 1.3.1+1

▶NVDopenvpn/ovpn-dco-win2.4.0 — 2.5.8+1

🔴Vulnerability Details

GHSA

GHSA-c5v3-f4mm-7xmw: Buffer overflow in OpenVPN ovpn-dco-win version 1↗2025-06-20

▶