FKIE_CVE-2024-1305

Vulnerability from fkie_nvd - Published: 2024-07-08 18:15 - Updated: 2025-08-22 15:36
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
tap-windows6 driver version 9.26 and earlier does not properly check the size data of incomming write operations which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code execution in kernel space
References
security@openvpn.nethttps://community.openvpn.net/openvpn/wiki/CVE-2024-1305Vendor Advisory
security@openvpn.nethttps://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.htmlRelease Notes, Mailing List
af854a3a-2127-422b-91ae-364da2661108https://community.openvpn.net/openvpn/wiki/CVE-2024-1305Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.htmlRelease Notes, Mailing List
Impacted products
Vendor Product Version
openvpn tap-windows6 *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openvpn:tap-windows6:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1361B991-0259-40EC-89A2-06B591C84F5C",
              "versionEndIncluding": "9.26.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "tap-windows6 driver version 9.26 and earlier does not properly \ncheck the size data of incomming write operations which an attacker can \nuse to overflow memory buffers, resulting in a bug check and potentially\n arbitrary code execution in kernel space"
    },
    {
      "lang": "es",
      "value": "La versi\u00f3n 9.26 y anteriores del controlador tap-windows6 no verifica correctamente los datos de tama\u00f1o de las operaciones de escritura entrantes que un atacante puede usar para desbordar los b\u00fafers de memoria, lo que resulta en una verificaci\u00f3n de errores y la ejecuci\u00f3n de c\u00f3digo potencialmente arbitrario en el espacio del kernel."
    }
  ],
  "id": "CVE-2024-1305",
  "lastModified": "2025-08-22T15:36:38.907",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-08T18:15:07.150",
  "references": [
    {
      "source": "security@openvpn.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-1305"
    },
    {
      "source": "security@openvpn.net",
      "tags": [
        "Release Notes",
        "Mailing List"
      ],
      "url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-1305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Mailing List"
      ],
      "url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html"
    }
  ],
  "sourceIdentifier": "security@openvpn.net",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "security@openvpn.net",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.