CVE-2018-9336
NONE EPSS 44.6%
Published May 1, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.
Threat Intelligence
EPSS Exploit Probability
44.6% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-415
Affected Products 6
References 5
- slackware.com http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.568761
- community.openvpn.net https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
- github.com https://github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b
- github.com https://github.com/OpenVPN/openvpn/releases/tag/v2.4.6
- tenable.com https://www.tenable.com/security/research/tra-2018-09
Remediation
- github.com https://github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b