CVE-2023-7224 | THREATINT

Description

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable

PUBLISHED Reserved 2024-01-08 | Published 2024-01-08 | Updated 2024-09-04 | Assigner OpenVPN

Problem types

CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Product status

Default status

unaffected

3.0 (minor release)

affected

References

openvpn.net/...sources/openvpn-connect-for-macos-change-log/

cve.org (CVE-2023-7224)

nvd.nist.gov (CVE-2023-7224)

Download JSON