VYPR
Medium severity · NVD Advisory · Published Jun 10, 2026

CVE-2026-11604

Description

OpenVPN ovpn-dco-win heap overflow in epoch key generator allows DoS via crafted packet.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

An incorrect buffer size calculation in the epoch key generator of OpenVPN ovpn-dco-win versions 2.0.0 through 2.8.3 allows a heap-based buffer overflow.

Exploitation

A remote authenticated peer can trigger this vulnerability by sending a crafted data packet to the affected OpenVPN instance. Successful exploitation requires the attacker to have authenticated access to the VPN.

Impact

Successful exploitation of this vulnerability can lead to kernel memory corruption and a system crash, resulting in a denial of service (DoS) for the affected system.

Mitigation

OpenVPN ovpn-dco-win version 2.8.3, released on June 10, 2026, addresses this vulnerability. Users are advised to upgrade to version 2.8.3 or later to mitigate the risk [1].

AI Insight generated on Jun 10, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

68f0802305cc

crypto_epoch: derive highest future epoch from EpochKeyRecv

https://github.com/openvpn/ovpn-dco-win · Lev Stipakov · Jun 3, 2026 · via github-commit-search
2 files changed · +22 -3
  • crypto_epoch.cpp +4 -3 modified
    @@ -193,9 +193,10 @@ OvpnCryptoEpochGenerateFutureRecvKeys(OvpnCryptoKeySlot* keySlot, OvpnCryptoOpti
             }
         }
     
    -    auto highestFutureKey = &keySlot->FutureEpochKeys[FUTURE_EPOCH_KEYS_COUNT - 1];
    -
    -    UINT16 currentHighestKey = highestFutureKey->Epoch ? highestFutureKey->Epoch : 1;
    +    // Highest generated epoch comes from EpochKeyRecv, like userspace
    +    // (crypto_epoch.c:235). Reading the last future-key slot instead breaks
    +    // when that slot is consumed/zeroed, overshooting numKeysGenerate.
    +    UINT16 currentHighestKey = keySlot->EpochKeyRecv.Epoch;
         UINT16 desiredHighestKey = currentDecryptEpoch + FUTURE_EPOCH_KEYS_COUNT;
         UINT16 numKeysGenerate = desiredHighestKey - currentHighestKey;
     
    
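Review bot: The subtraction `numKeysGenerate = desiredHighestKey - currentHighestKey` at the end of this hunk is still unguarded UINT16 arithmetic, so the fix depends entirely on `keySlot->EpochKeyRecv.Epoch` always lying between the current decrypt epoch and `desiredHighestKey`. Nothing visible here enforces that; if the invariant breaks again the result exceeds FUTURE_EPOCH_KEYS_COUNT or wraps, and per the new test's comment that count sizes an RtlMoveMemory and drives the regeneration loop's indices. Consider rejecting `currentHighestKey > desiredHighestKey` and `numKeysGenerate > FUTURE_EPOCH_KEYS_COUNT` before the count is used, so a bad value fails closed instead of corrupting memory. Minor: the `crypto_epoch.c:235` line reference in the comment will go stale; naming the userspace function would age better.
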
  • tests/tests.cpp +18 -0 modified
    @@ -70,6 +70,24 @@ TEST_F(CryptoTest, EpochKeyGeneration) {
         ASSERT_EQ(keySlot.FutureEpochKeys[15].Epoch, 24);
     }
     
    +TEST_F(CryptoTest, EpochKeyRotateToHighestFutureKey) {
    +    /* Fixture: Decrypt.Epoch == 1, future keys span 2..17 (slot 15 == 17).
    +     * Rotating to the highest future epoch (Decrypt + FUTURE_EPOCH_KEYS_COUNT)
    +     * is a legitimate protocol fast-forward, but it consumes and zeroes the
    +     * last future key. GenerateFutureRecvKeys then read a zeroed
    +     * highestFutureKey, collapsed currentHighestKey to 1, and computed
    +     * numKeysGenerate = 32 -- turning the RtlMoveMemory into a multi-gigabyte
    +     * out-of-bounds copy and the regen loop into negative-index writes.
    +     * Pre-fix this crashes; post-fix the whole window regenerates to 18..33. */
    +    ASSERT_EQ(keySlot.FutureEpochKeys[15].Epoch, 17);
    +
    +    OvpnCryptoEpochReplaceUpdateRecvKey(&keySlot, 17, &opts);
    +
    +    ASSERT_EQ(keySlot.Decrypt.Epoch, 17);
    +    ASSERT_EQ(keySlot.FutureEpochKeys[0].Epoch, 18);
    +    ASSERT_EQ(keySlot.FutureEpochKeys[15].Epoch, 33);
    +}
    +
     TEST_F(CryptoTest, EpochKeyRotation) {
         /* should replace send + key recv */
         OvpnCryptoEpochReplaceUpdateRecvKey(&keySlot, 9, &opts);
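
Review bot: The new EpochKeyRotateToHighestFutureKey test asserts only `FutureEpochKeys[0]` and `FutureEpochKeys[15]` after the rotation and never checks `keySlot.EpochKeyRecv.Epoch`, which is the value the fix now trusts. Suggest looping over every slot to assert `FutureEpochKeys[i].Epoch == 18 + i`, asserting that `EpochKeyRecv.Epoch` is 33 if it is meant to track the highest generated epoch, and adding a second rotation to the new highest future epoch (33) so consecutive fast-forwards are covered. The comment's "Pre-fix this crashes" also means the regression shows up as a test-runner crash rather than a failed assertion; a note on how that surfaces in CI would help whoever bisects it later.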
    
