FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

security/openvpn-auth-ldap -- Fix buffer overflow in challenge/response

Affected packages
openvpn-auth-ldap < 2.0.4_3

Details

VuXML ID e915b60e-ea25-11ef-a1c0-0050569f0b83
Discovery 2024-06-27
Entry 2025-02-13

Graham Northup reports:

A buffer overflow in extract_openvpn_cr allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this field and cause a buffer overflow.
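The class of fix this report calls for, as an added example that is not code from openvpn-auth-ldap or from the reporter: a colon-splitting routine that checks the field count before every store, so input with more colons than the array can hold is rejected instead of written past the end. The 15-slot limit is an assumption inferred from the "more than 14 colons" wording, and the function names and sample strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumption: 15 slots, inferred from the advisory's "more than 14 colons". */
#define MAX_FIELDS 15

/* Store the start of each colon-separated field of s in starts[].
 * Returns the field count, or -1 if s is NULL or has too many fields. */
int split_fields(const char *s, const char *starts[MAX_FIELDS])
{
    int count = 0;
    if (s == NULL)
        return -1;
    starts[count++] = s;
    for (const char *p = s; *p != '\0'; ++p) {
        if (*p != ':')
            continue;
        if (count == MAX_FIELDS)   /* bound check comes before the store */
            return -1;
        starts[count++] = p + 1;
    }
    return count;
}

/* Field count of s, or -1 when the input is rejected. */
int count_fields(const char *s)
{
    const char *starts[MAX_FIELDS];
    return split_fields(s, starts);
}

/* Length of field idx (ends at ':' or NUL), or -1 if absent or rejected. */
long field_length(const char *s, int idx)
{
    const char *starts[MAX_FIELDS];
    int n = split_fields(s, starts);
    if (n < 0 || idx < 0 || idx >= n)
        return -1;
    const char *end = starts[idx];
    while (*end != '\0' && *end != ':')
        ++end;
    return (long)(end - starts[idx]);
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    printf("%d\n", count_fields("SCRV1:cGFzcw==:MTIzNDU2"));          /* 3 */
    printf("%d\n", count_fields("a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p"));  /* -1 */
    return 0;
}
```

Rejecting the whole input on overflow, rather than truncating to the first 15 fields, keeps a malformed password field from being partially interpreted.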

References

CVE Name CVE-2024-28820
URL https://nvd.nist.gov/vuln/detail/CVE-2024-28820