VDB
GCVE-110-MAGEIA-2016-10
GCVE-110-MAGEIA-2016-10
Advisory Published
OpenVPN versions before 2.3.9 contain an out of bounds read error in
resolve_remote() in the file socket.c. With both IPv4 and IPv6
connections, OpenVPN will read a struct sockaddr_in6, but in the IPv4 case
the data structure is smaller than in the IPv6 case.
The openvpn package has been updated to version 2.3.9, fixing this issue
and several other bugs. See the upstream Changelog for details.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | nodejs | 0 (affected), 0.10.41-1.mga5 (unaffected) | — |
| Mageia | openvpn | 0 (affected), 2.3.9-1.mga5 (unaffected), 0 (affected), 2.3.9-1.mga5 (unaffected) | — |
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.