CVE-2024-28882

Name
CVE-2024-28882
Description
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://community.openvpn.net/openvpn/wiki/CVE-2024-28882
https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html

Match rules

CPE URI Source package Min version Max version
openvpn >= 2.6.0 <= 2.6.10

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
openvpn 3.20-main 2.6.11-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
openvpn 3.19-main 2.6.11-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
openvpn 3.18-main 2.6.11-r0 Natanael Copa <ncopa@alpinelinux.org> fixed