Description
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session
Problem types
Missing Release of Resource after Effective Lifetime
Product status
2.6.0 (patch)
References
community.openvpn.net/openvpn/wiki/CVE-2024-28882
www.mail-archive.com/...@lists.sourceforge.net/msg07634.html
