CVE-2025-50054

medium

Description

Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to the kernel driver resulting in a system crash

References

https://community.openvpn.net/Security%20Announcements/CVE-2025-50054

https://community.openvpn.net/Downloads#openvpn-27_alpha2-released-19-june-2025

Details

Source: Mitre, NVD

Published: 2025-06-20

Updated: 2025-06-23

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H