Source: openvpn-auth-ldap
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for openvpn-auth-ldap.

CVE-2024-28820[0]:
| Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c
| in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for
| OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who
| can control the challenge/response password field to pass a string
| with more than 14 colons into this field and cause a buffer
| overflow.

https://github.com/threerings/openvpn-auth-ldap/pull/92

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-28820
    https://www.cve.org/CVERecord?id=CVE-2024-28820

Please adjust the affected versions in the BTS as needed.
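An added example, not code from openvpn-auth-ldap or from the report above: a colon-delimited field splitter that checks the token count before every store and rejects over-long input instead of writing past its array. The names `split_colon_fields`, `count_fields` and `MAX_FIELDS` are hypothetical, and the limit of 15 fields is an assumption inferred from the "more than 14 colons" wording in the CVE text.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: 14 colons separate at most 15 fields (from the CVE wording). */
#define MAX_FIELDS 15

/* Hypothetical helper. Splits buf in place on ':' and stores one pointer per
 * field in fields[]. Returns the number of fields, or -1 when the input is
 * NULL or contains more fields than fields[] can hold. */
int split_colon_fields(char *buf, char *fields[MAX_FIELDS])
{
    int n = 0;
    char *p = buf;

    if (buf == NULL)
        return -1;
    for (;;) {
        if (n == MAX_FIELDS)
            return -1;          /* bound check happens before the store */
        fields[n++] = p;
        p = strchr(p, ':');
        if (p == NULL)
            break;              /* last field reached */
        *p++ = '\0';            /* terminate this field, step past ':' */
    }
    return n;
}

/* Demo wrapper: copies s into a scratch buffer so literals can be passed.
 * Input that does not fit the scratch buffer is rejected as well. */
int count_fields(const char *s)
{
    char buf[256];
    char *fields[MAX_FIELDS];
    size_t len = strlen(s);

    if (len >= sizeof(buf))
        return -1;
    memcpy(buf, s, len + 1);
    return split_colon_fields(buf, fields);
}

int main(void)
{
    /* Constructed sample inputs: 14 colons, then 15 colons. */
    printf("%d\n", count_fields("0:1:2:3:4:5:6:7:8:9:10:11:12:13:14"));
    printf("%d\n", count_fields("0:1:2:3:4:5:6:7:8:9:10:11:12:13:14:15"));
    return 0;
}
```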