{"id":"CVE-2024-5198","details":"OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt.","modified":"2026-04-10T05:16:12.904530Z","published":"2025-01-15T13:15:15.090Z","references":[{"type":"ADVISORY","url":"https://community.openvpn.net/openvpn/wiki/CVE-2024-5198"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openvpn/ovpn-dco-win","events":[{"introduced":"0"},{"last_affected":"b750b2c7530d1276338869cd7d9b55e4d022df56"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.1.1"}]}}],"versions":["0.6.5","0.6.7","0.6.8","0.7.1","0.7.4","0.7.6","0.8.0","0.8.1","0.8.2","0.8.3","0.9.0","0.9.1","0.9.2","0.9.3","0.9.4","1.0.0","1.0.1","1.1.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-5198.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}]}