= CVE-2024-27459: Windows: fix a possible stack overflow in the interactive service component which might lead to a local privilege escalation

interactive.c: Fix potential stack overflow issue

When reading a message from the pipe, we first peek the pipe to get the size of the message waiting to be read and then read the message. A compromised OpenVPN process could send an excessively large message, which would result in a stack-allocated message buffer overflow.

To address this, we terminate the misbehaving process if the peeked message size exceeds the maximum allowable size.
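
The peek-then-read pattern with the size check in place, as a portable C sketch (an added example, not OpenVPN's code). `mock_pipe_t`, `pipe_peek`, `pipe_read`, `handle_message` and `MAX_MSG_SIZE` are hypothetical stand-ins for the Windows named-pipe calls and the service's message buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_MSG_SIZE 64 /* assumed capacity of the fixed message buffer */

/* Constructed stand-in for the service's pipe: one pending message. */
typedef struct { const unsigned char *data; size_t len; } mock_pipe_t;

typedef enum { MSG_OK, MSG_EMPTY, MSG_TERMINATE_PEER } msg_status_t;

/* Peek: report the pending message size without consuming it. */
static size_t pipe_peek(const mock_pipe_t *p) { return p->len; }

/* Read: copy n bytes into dst; the caller is trusted to size dst for n. */
static size_t pipe_read(mock_pipe_t *p, void *dst, size_t n)
{
    if (n > p->len)
        n = p->len;
    memcpy(dst, p->data, n);
    p->data += n;
    p->len -= n;
    return n;
}

/* Peek-then-read with the bound check between the two steps. */
static msg_status_t handle_message(mock_pipe_t *p, size_t *handled)
{
    unsigned char msg[MAX_MSG_SIZE]; /* stack-allocated, fixed size */
    size_t bytes = pipe_peek(p);

    if (bytes == 0)
        return MSG_EMPTY;
    /* The peer controls the peeked size. Used unchecked as the read
     * length, it lets pipe_read write past the end of msg. */
    if (bytes > sizeof(msg))
        return MSG_TERMINATE_PEER; /* caller ends the misbehaving process */
    *handled = pipe_read(p, msg, bytes);
    return MSG_OK;
}

int main(void)
{
    static const unsigned char oversized[4096]; /* constructed input */
    mock_pipe_t p = { oversized, sizeof(oversized) };
    size_t handled = 0;
    msg_status_t st = handle_message(&p, &handled);
    printf("status=%d handled=%zu\n", (int)st, handled);
    return st == MSG_TERMINATE_PEER ? 0 : 1;
}
```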

=== References
* Release notes: https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html
* CVE record: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27459
* Reported by: Vladimir Tokarev <vtokarev@microsoft.com>