Lucene search

Ubuntu.comUB:CVE-2024-28882

HistoryJun 25, 2024 - 12:00 a.m.

CVE-2024-28882

2024-06-2500:00:00

ubuntu.com

cve-2024-28882

unix

security vulnerability

AI Score

6.3

Confidence

Low

EPSS

Percentile

9.2%

JSON

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit
notifications from authenticated clients which will extend the validity of
a closing session

Notes

Author	Note
mdeslaur	likely introduced in: https://github.com/OpenVPN/openvpn/commit/d468dff7bdfd79059818c190ddf41b125bb658de

OSVersionArchitecturePackageVersionFilename
ubuntu23.10noarchopenvpn< 2.6.5-0ubuntu1.2UNKNOWN
ubuntu24.04noarchopenvpn< 2.6.9-1ubuntu4.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	23.10	noarch	openvpn	< 2.6.5-0ubuntu1.2	UNKNOWN
ubuntu	24.04	noarch	openvpn	< 2.6.9-1ubuntu4.1	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2024-28882

nvd.nist.gov/vuln/detail/CVE-2024-28882

security-tracker.debian.org/tracker/CVE-2024-28882

ubuntu.com/security/notices/USN-6860-1

www.cve.org/CVERecord?id=CVE-2024-28882