CVE-2023-46850

Name
CVE-2023-46850
Description
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://community.openvpn.net/openvpn/wiki/CVE-2023-46850
https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/
https://www.debian.org/security/2023/dsa-5555
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/
security@openvpn.net https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:* openvpn >= 2.6.0 <= 2.6.6
cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:* openvpn_access_server >= 2.11.0 <= 2.11.3
cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:* openvpn_access_server >= 2.12.0 < 2.12.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status