Description
An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, resulting in a system crash (denial of service).
Published: 2026-06-10
Score: 5.6 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An incorrect calculation of buffer size in the epoch key generator of OpenVPN ovpn-dco‑win allows a remote authenticated peer to trigger a heap-based buffer overflow that corrupts kernel memory, resulting in a system crash.

Affected Systems

This flaw exists in OpenVPN’s ovpn-dco‑win component for versions 2.0.0 through 2.8.3, and it affects any instance that accepts connections from authenticated peers.

Risk and Exploitability

The CVSS score of 5.6 indicates moderate severity, while the EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires that the attacker is already authenticated to the OpenVPN server, and the impact is limited to denial of service via a system crash. No elevation of privilege or data exfiltration is reported.

Generated by OpenCVE AI on June 10, 2026 at 22:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest OpenVPN ovpn‑dco‑win release (greater than 2.8.3) to replace the vulnerable code.
  • If an immediate upgrade is not possible, restrict DCO‑enabled connections so that only trusted peers can authenticate, reducing the attack surface.
  • Configure system monitoring to detect kernel panics or repeated service restarts and trigger alerts for suspicious crash patterns.

Generated by OpenCVE AI on June 10, 2026 at 22:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Heap Buffer Overflow in OpenVPN ovpn-dco-win Leading to System Crash
First Time appeared Openvpn
Openvpn ovpn-dco-win
Vendors & Products Openvpn
Openvpn ovpn-dco-win

Wed, 10 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, resulting in a system crash (denial of service).
Weaknesses CWE-122
CWE-131
CWE-787
References
Metrics cvssV4_0

{'score': 5.6, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H'}

Subscriptions

Openvpn Ovpn-dco-win
cve-icon MITRE

Status: PUBLISHED

Assigner: OpenVPN

Published:

Updated: 2026-06-10T21:04:37.141Z

Reserved: 2026-06-08T15:19:28.369Z

Link: CVE-2026-11604

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-10T22:16:55.643

Modified: 2026-06-10T22:16:55.643

Link: CVE-2026-11604

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T22:30:22Z

Weaknesses