CVE-2026-2738Incorrect Calculation of Buffer Size in Ovpn-dco-win

CWE-131Incorrect Calculation of Buffer Size2 documents2 sources
Severity
5.6MEDIUMNVD
EPSS
0.0%
top 94.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openvpn Ovpn-dco-win
Timeline
PublishedFeb 19

Description

Buffer overflow in ovpn‑dco‑win version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at the end of the encrypted packet

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Affected Packages1 packages

CVEListV5openvpn/ovpn-dco-win2.8.0

🔴Vulnerability Details

1
GHSA
GHSA-4jg5-735x-q4x2: Buffer overflow in ovpn‑dco‑win version 22026-02-19