Changes between Version 3 and Version 4 of CVE-2024-28882


Ignore:
Timestamp:
07/09/24 12:18:29 (2 months ago)
Author:
flichtenheld
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • CVE-2024-28882

    v3 v4  
    1 = CVE-2024-28882: OpenVPN 2.x potential DoS via management interface
     1= CVE-2024-28882: OpenVPN in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session
    22
    3 only call schedule_exit() once (on a given peer). 
     3only call schedule_exit() once (on a given peer).
    44
    55Security scope: an authenticated client can make the server "keep the session" even when the server has been told to disconnect this client.
    66
     7Affected versions: 2.6.0 until 2.6.10 (inclusive)
    78
    89=== References