CVE-2024-28820

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-125
View all →

Vulnerability Description

Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this field and cause a buffer overflow.

Related Vulnerabilities

CVE-2016-4652

MEDIUM
CVSS:6.3(Medium)

CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via...

CWE-1252016

CVE-2017-18446

MEDIUM
CVSS:6.3(Medium)

cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250).

CWE-1252017

CVE-2021-39218

MEDIUM
CVSS:6.3(Medium)

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and ou...

CWE-1252021

CVE-2023-1544

MEDIUM
CVSS:6.3(Medium)

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of...

CWE-1252023

CVE-2023-20851

MEDIUM
CVSS:6.3(Medium)

In stc, there is a possible out of bounds read due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploit...

CWE-1252023

CVE-2023-25514

MEDIUM
CVSS:6.3(Medium)

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. ...

CWE-1252023