Tags · OpenVPN/tap-windows6

9.27.0

Fix potential integer overflow in TapSharedSendPacket

Following code:

  unsigned int            fullLength;
  <..>
  fullLength = PacketLength + PrefixLength;

could cause integer overflow, which will result in allocation
of smaller size of memory, which later causes buffer overflow and
a bug check.

Fix by checking overflow condition and fail the IRP in case of
overflow.

CVE: 2024-1305

Reported-by: Vladimir Tokarev <vtokarev@microsoft.com>
Signed-off-by: Lev Stipakov <lev@openvpn.net>

Mar 19, 2024
0cad866
zip
tar.gz
Notes
Downloads

9.26.0

Bump to 9.26

Signed-off-by: Lev Stipakov <lev@openvpn.net>

Apr 27, 2023
dc230ae
zip
tar.gz
Downloads

9.25.0

fix bug: Only send packet when packetlength>=Etherheader(14)+IPv4head…

…er(20), but some Ether Packets have no IP header

Apr 25, 2023
d9fbdce
zip
tar.gz
Downloads

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

9.27.0

9.26.0

9.25.0

Tags: OpenVPN/tap-windows6

9.27.0

9.26.0

9.25.0