CVE-2018-9336

{"id": "CVE-2018-9336", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-05-01T18:29:00.697", "references": [{"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.568761", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/OpenVPN/openvpn/releases/tag/v2.4.6", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.tenable.com/security/research/tra-2018-09", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-415"}]}], "descriptions": [{"lang": "en", "value": "openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation."}, {"lang": "es", "value": "openvpnserv.exe (tambi\u00e9n conocido como interactive service helper) en OpenVPN en versiones 2.4.x anteriores a la 2.4.6 permite que un atacante local provoque una doble liberaci\u00f3n (double free) de memoria enviando una petici\u00f3n mal formada al servicio interactivo. Esto podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) al corromper la memoria o, posiblemente, otro impacto no especificado, incluyendo el escalado de privilegios."}], "lastModified": "2018-06-13T14:27:26.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6562B69D-6751-4915-89C8-4675EFEEBB1A", "versionEndExcluding": "2.4.6", "versionStartIncluding": "2.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:slackware:slackware_linux:13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7547FBB1-AFE8-4DCB-9B6D-0EB719D26FB9"}, {"criteria": "cpe:2.3:o:slackware:slackware_linux:13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64DF28B6-C9FE-44AD-9D09-2F154819AFA2"}, {"criteria": "cpe:2.3:o:slackware:slackware_linux:13.37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A153230-E0BE-4323-AC73-44E8DCD14A1E"}, {"criteria": "cpe:2.3:o:slackware:slackware_linux:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "936EF68B-2A93-402C-BED4-20E6EDB2F102"}, {"criteria": "cpe:2.3:o:slackware:slackware_linux:14.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1B46F08-93A8-49D9-AC5D-43E19C062FFA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}