Vulnerability in OpenVPN

CVE-2024-5594

OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly, which an attacker controlling the server can use to inject unexpected arbitrary data that ends up in client logs.

EPSS: 0.005 (67.2nd percentile)

Frequently asked questions

What is CVE-2024-5594?
CVE-2024-5594 is a vulnerability in OpenVPN, classified under CWE-1287. Published 2025-01-06.
Is CVE-2024-5594 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.