CVE-2023-7224: Code Injection
First published: Mon Jan 08 2024(Updated: )
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable
Credit: security@openvpn.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenVPN Connect | >=3.0.0<=3.4.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-7224?
CVE-2023-7224 is classified as a high-severity vulnerability due to its potential for local code execution.
How do I fix CVE-2023-7224?
To fix CVE-2023-7224, update OpenVPN Connect to version 3.4.7 or later on your macOS.
What impact does CVE-2023-7224 have on macOS users?
CVE-2023-7224 allows local users to execute arbitrary code through improperly handled DYLD_INSERT_LIBRARIES environment variable.
Is my version of OpenVPN Connect affected by CVE-2023-7224?
If you are using OpenVPN Connect version 3.0 through 3.4.6 on macOS, you are affected by CVE-2023-7224.
Can remote attackers exploit CVE-2023-7224?
CVE-2023-7224 is not remotely exploitable; it requires local user access to execute the vulnerability.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/event
- agent/description
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/openvpn
- canonical/openvpn connect
- version/openvpn connect/3.0.0
- version/openvpn connect/3.4.6