Lucene search

Alpine Linux Development TeamALPINE:CVE-2024-28820

HistoryJun 27, 2024 - 4:15 p.m.

CVE-2024-28820

2024-06-2716:15:10

Alpine Linux Development Team

security.alpinelinux.org

buffer overflow

openvpn-auth-ldap

ldap

unix

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

7.6

Confidence

Low

JSON

Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this field and cause a buffer overflow.

OSVersionArchitecturePackageVersionFilename
Alpineedge-mainnoarchopenvpn-auth-ldap< 2.0.4-r7UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-main	noarch	openvpn-auth-ldap	< 2.0.4-r7	UNKNOWN