OpenVPN 2.7.0_beta3 < 2.7.0_I017 Buffer Overflow (Windows)

According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is affected by buffer overflow vulnerability: - The ovpn-dco-win version 2.8.0 has a flaw which appears when connecting to an OpenVPN 2.7.0 server, or other implementations with data epoch...

PT-2026-20934

Buffer overflow in ovpn‑dco‑win version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at the end of the encrypted packet...

CVE-2025-13751

Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7alpha1 through 2.7rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service...

CVE-2025-13751

CVE-2025-13751 affects OpenVPN on Windows, specifically the Interactive Service Agent. The vulnerability arises from mishandling of an Interactive Service Proxy error, allowing a local authenticated user to connect to the service and trigger an error that results in a local denial of service. Aff...

CVE-2025-13751

Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7alpha1 through 2.7rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service...

SUSE CVE-2024-27903

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service...

CVE-2021-3606

OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process openvpn.exe...