CVE-2024-5594: OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly wh ...

Severity: Critical

CVSS Score: 9.1

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.