CVE-2024-1305

Published: 8 July 2024

tap-windows6 driver version 9.26 and earlier does not properly check the size data of incomming write operations which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code execution in kernel space

Notes

Author	Note
mdeslaur	Windows-specific driver

Priority

Status

Package	Release	Status
openvpn Launchpad, Ubuntu, Debian	bionic	Not vulnerable (Windows only)
	focal	Not vulnerable (Windows only)
	jammy	Not vulnerable (Windows only)
	mantic	Ignored (end of life, was needs-triage)
	noble	Not vulnerable (Windows only)
	trusty	Not vulnerable (Windows only)
	upstream	Needs triage
	xenial	Not vulnerable (Windows only)

References

https://www.cve.org/CVERecord?id=CVE-2024-1305
https://community.openvpn.net/openvpn/wiki/CVE-2024-1305
https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›