Home

Description

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses

PUBLISHED Reserved 2025-10-23 | Published 2025-12-01 | Updated 2025-12-01 | Assigner OpenVPN

Problem types

CWE-126: Buffer Over-read

Product status

Default status
unaffected

2.7_alpha1 (semver)
affected

References

community.openvpn.net/Security Announcements/CVE-2025-12106 vendor-advisory

www.mail-archive.com/...@lists.sourceforge.net/msg00152.html release-notes

cve.org (CVE-2025-12106)

nvd.nist.gov (CVE-2025-12106)

Download JSON