CVE-2024-1305
CRITICAL
tap-windows6 < 9.26.0 - Integer Overflow via Write Operation Size Check
Title source: llm
Description
The tap-windows6 driver, version 9.26 and earlier, does not properly check the size data of incoming write operations, which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code execution in kernel space.
References (2)
Core References
Vendor Advisory
https://community.openvpn.net/openvpn/wiki/CVE-2024-1305
Mailing List, Release Notes
https://www.mail-archive.com/[email protected]/msg07534.html
Scores
CVSS v3
9.8
EPSS
0.1538
EPSS Percentile
96.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-190
Status
published
Products (1)
openvpn/tap-windows6
< 9.26.0
Published
Jul 08, 2024
Tracked Since
Feb 18, 2026