{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-5198","assignerOrgId":"36a55730-e66d-4d39-8ca6-3c3b3017965e","state":"PUBLISHED","assignerShortName":"OpenVPN","dateReserved":"2024-05-22T13:05:09.238Z","datePublished":"2025-01-15T12:57:25.205Z","dateUpdated":"2025-01-15T14:49:09.099Z"},"containers":{"cna":{"providerMetadata":{"orgId":"36a55730-e66d-4d39-8ca6-3c3b3017965e","shortName":"OpenVPN","dateUpdated":"2025-01-15T12:57:25.205Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-476","description":"NULL Pointer Dereference","type":"CWE"}]}],"affected":[{"vendor":"OpenVPN","product":"ovpn-dco","platforms":["Windows"],"versions":[{"status":"affected","version":"1.1.1"}],"defaultStatus":"unaffected"},{"vendor":"OpenVPN","product":"OpenVPN-GUI","platforms":["Windows"],"modules":["ovpn-dco"],"versions":[{"status":"affected","version":"2.6.10-I002"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt."}],"references":[{"url":"https://community.openvpn.net/openvpn/wiki/CVE-2024-5198"}]},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":3.3,"attackVector":"LOCAL","baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"LOW","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-01-15T14:48:03.803396Z","id":"CVE-2024-5198","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-15T14:49:09.099Z"}}]}}