What the vulnerability does

01Description

OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt.

Key dates

02Disclosure timeline

January 15, 2025 CVE published
January 15, 2025 Record updated