| | 1 | = CVE-2024-27459: Windows: fix a possible stack overflow in the interactive service component which might lead to a local privilege escalation |
| | 2 | |
| | 3 | interactive.c: Fix potential stack overflow issue |
| | 4 | |
| | 5 | When reading message from the pipe, we first peek the pipe to get the size of the message waiting to be read and then read the message. A compromised OpenVPN process could send an excessively large message, which would result in a stack-allocated message buffer overflow. |
| | 6 | |
| | 7 | To address this, we terminate the misbehaving process if the peeked message size exceeds the maximum allowable size. |
| | 8 | |
| | 9 | === References |
| | 10 | * Release notes: https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html |
| | 11 | * CVE record: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27459 |
| | 12 | * Reported by: Vladimir Tokarev <vtokarev@microsoft.com> |
