The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.
[
{
"cpes": [
"cpe:2.3:a:openvpn:openvpn_gui:*:*:*:*:*:*:*:*"
],
"vendor": "openvpn",
"product": "openvpn_gui",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "2.6.9"
}
],
"defaultStatus": "unknown"
}
]