A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openvpn | Openvpn | 2.5.0 (including) | 2.5.11 (including) |
| Openvpn | Openvpn | 2.6.0 (including) | 2.6.21 (excluding) |
| Openvpn | Openvpn | 2.7 (including) | 2.7.5 (excluding) |
| Openvpn | Ubuntu | devel | * |
| Openvpn | Ubuntu | jammy | * |
| Openvpn | Ubuntu | noble | * |
| Openvpn | Ubuntu | questing | * |
| Openvpn | Ubuntu | resolute | * |
| Openvpn | Ubuntu | upstream | * |