Vulnerability in Openvpn

CVE-2024-28882

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session

EPSS: 0.003 (57.3th percentile) — read the EPSS interpretation.

Affected products

Openvpn — versions 2.6.0

Weakness classification (CWE)

CWE-772 — Missing Release of Resource after Effective Lifetime

References