What is the CVSS score of CVE-2024-5198?

CVE-2024-5198 has a CVSS 3.1 base score of 3.3 (Low). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.1%.

Which versions of Ovpn Dco Win are affected by CVE-2024-5198?

CVE-2024-5198 is a low-severity vulnerability in OpenVPN ovpn-dco for Windows version 1.1.1 involving null pointer dereference (CVSS 3.3).

How to fix or mitigate CVE-2024-5198?

During next maintenance window: Apply vendor patches when convenient. Verify null pointer dereference controls are in place.

Ovpn Dco Win CVE-2024-5198

LOW

NULL Pointer Dereference (CWE-476)

2025-01-15 security@openvpn.net

Microsoft Null Pointer Dereference Denial Of Service Ovpn Dco Win Windows

3.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

3.3 LOW

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:03 vuln.today

CVE Published

Jan 15, 2025 - 13:15 nvd

LOW 3.3

DescriptionCVE.org

AnalysisAI

OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt. Affected products include: Openvpn Ovpn-Dco-Win. Version information: version 1.1.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

More from same product – last 7 days

CVE-2026-11604 MEDIUM This Month

5.6 Jun 10

Heap-based buffer overflow in OpenVPN's ovpn-dco-win Windows kernel driver (versions 2.0.0-2.8.3) allows a remote authen

CVE-2024-5198 vulnerability details – vuln.today

Back

Ovpn Dco Win CVE-2024-5198

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code