2 matches found
CLSA-2025-1744710425 Fix CVE(s): CVE-2024-5594
SECURITY UPDATE: Improper PUSHREPLY sanitization allows attackers to inject arbitrary data into third-party executables - debian/patches/CVE-2024-5594.patch: Properly handle null bytes and invalid characters in control - CVE-2024-5594 UPDATE CERTIFICATES: Renew sample keys -...
UBUNTU-CVE-2024-5594
OpenVPN before 2.6.11 does not santize PUSHREPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs...