Lucene search
GoogleOSV:CVE-2018-9336HistoryMay 01, 2018 - 6:29 p.m.
CVE-2018-9336
2018-05-0118:29:00
Google
osv.dev
7
EPSS
0
Percentile
5.1%
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.
References
www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.568761
community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b
github.com/OpenVPN/openvpn/releases/tag/v2.4.6
www.tenable.com/security/research/tra-2018-09
Related
ubuntucve
ubuntucve
CVE-2018-9336
2018-05-01 00:00:00
nessus
nessus
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : openvpn (SSA:2018-116-01)
2018-04-27 00:00:00
OpenVPN 2.4.x < 2.4.6 Denial of Service Vulnerability (Windows)
2019-05-17 00:00:00
SUSE SLED15 / SLES15 Security Update : openvpn (SUSE-SU-2018:1888-1)
2019-01-02 00:00:00
mageia
mageia
Updated openvpn packages fix security vulnerability
2018-08-10 17:37:39
suse
suse
Security update for openvpn (moderate)
2018-07-07 00:12:45
openvas
openvas
Slackware: Security Advisory (SSA:2018-116-01)
2022-04-21 00:00:00
Mageia: Security Advisory (MGASA-2018-0329)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:1888-1)
2021-06-09 00:00:00
nvd
nvd
CVE-2018-9336
2018-05-01 18:29:00
cve
cve
CVE-2018-9336
2018-05-01 18:29:00
prion
prion
Double free
2018-05-01 18:29:00
debiancve
debiancve
CVE-2018-9336
2018-05-01 18:29:00
cvelist
cvelist
CVE-2018-9336
2018-05-01 18:00:00
slackware
slackware
[slackware-security] openvpn
2018-04-27 04:43:21
alpinelinux
alpinelinux
CVE-2018-9336
2018-05-01 18:29:00
osv
osv
openvpn-2.5.3-1.2 on GA media
2024-06-15 00:00:00