CVE-2023-6247

CVE-2023-6247 affects the OpenVPN 3 Core Library up to version 3.8.3. The root cause is that the PKCS#7 parser did not properly validate the parsed data, which can cause the application to crash (availability impact). The advisory notes an in-scope impact of crashes, with CVSS 3.1 vector indicati...

CVE-2023-6247

The PKCS7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing...

CVE-2023-6247

The PKCS7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing...

CVE-2023-6247

The PKCS7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing...

CVE-2023-7245

The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 Windows/3.4.7 macOS was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRONRUNASNODE environment variable...

CVE-2023-7245

The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 Windows/3.4.7 macOS was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRONRUNASNODE environment variable...

Code injection

The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 Windows/3.4.7 macOS was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRONRUNASNODE environment variable...

CVE-2023-7245

The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 Windows/3.4.7 macOS was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRONRUNASNODE environment variable...

CVE-2023-7245

The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 Windows/3.4.7 macOS was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRONRUNASNODE environment variable...

CVE-2023-7245

OpenVPN Connect contains a local arbitrary-code execution vulnerability (CVE-2023-7245) in the nodejs/Electron runtime context. Affected: OpenVPN Connect 3.0–3.4.3 on Windows and 3.0–3.4.7 on macOS. Root cause: improper configuration of the nodejs environment, enabling ELECTRON_RUN_AS_NODE to exe...

OpenVPN Connect Security Breach

OpenVPN Connect is a VPN Virtual Private Network client application from US-based OpenVPN. A security vulnerability exists in OpenVPN Connect that originates from allowing a local attacker to execute arbitrary code in the context of a nodejs process via the ELECTRONRUNASNODE environment variable...

PT-2024-14912 · Openvpn · Openvpn 3 Core Library

Name of the Vulnerable Software and Affected Versions: OpenVPN 3 Core Library versions through 3.8.3 Description: The issue is related to the PKCS7 parser in the OpenVPN 3 Core Library, which did not properly validate the parsed data. This would result in the application crashing. Recommendations...

PT-2024-3588 · Openvpn · Openvpn Connect

Name of the Vulnerable Software and Affected Versions: OpenVPN Connect versions 3.0 through 3.4.3 Windows OpenVPN Connect versions 3.0 through 3.4.7 macOS Description: The issue is related to the nodejs framework in OpenVPN Connect, which was not properly configured. This configuration issue allo...

The vulnerability of the OpenVPN Connect software lies in its inability to properly execute instructions in the dynamically executed code, allowing a violator to execute arbitrary code.

The vulnerability of the OpenVPN Connect software is related to the failure to implement measures to neutralize the instructions in the dynamically executed code. Exploiting this vulnerability can allow an attacker to execute arbitrary code using the DYILDINSERTLIBRARIES environment variable...

CVE-2023-7224

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLDINSERTLIBRARIES environment variable...

CVE-2023-7224

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLDINSERTLIBRARIES environment variable...

Code injection

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLDINSERTLIBRARIES environment variable...

CVE-2023-7224

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLDINSERTLIBRARIES environment variable...

CVE-2023-7224

The CVE-2023-7224 issue affects OpenVPN Connect on macOS, version 3.0–3.4.6. The vulnerability arises when a local user can cause execution of code in external third‑party libraries via the DYLD_INSERT_LIBRARIES environment variable, indicating a local code‑execution risk. Documents confirm the a...

CVE-2023-7224

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLDINSERTLIBRARIES environment variable...