openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-05-01T18:00:00
Updated: 2024-08-05T07:17:52.100Z
Reserved: 2018-04-05T00:00:00
Link: CVE-2018-9336
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-05-01T18:29:00.697
Modified: 2018-06-13T14:27:26.440
Link: CVE-2018-9336
Redhat
No data.