CVE-2023-46850

🗓️ 11 Nov 2023 00:15:07Reported by OpenVPNType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 106 Views

CVE-2023-46850: Use after free in OpenVPN version 2.6.0 to 2.6.

Reporter	Title	Published	Views	Family All 54
FreeBSD	openvpn -- 2.6.0...2.6.6 --fragment option division by zero crash, and TLS data leak	29 Aug 202300:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN Module affected by multiple vulnerabilities	6 Feb 202419:49	–	ibm
AlpineLinux	CVE-2023-46850	11 Nov 202300:15	–	alpinelinux
CNNVD	OpenVPN Security Vulnerabilities	11 Nov 202300:00	–	cnnvd
CNNVD	OpenVPN Security Vulnerabilities	11 Nov 202300:00	–	cnnvd
Cvelist	CVE-2023-46850	11 Nov 202300:15	–	cvelist
Debian	[SECURITY] [DSA 5555-1] openvpn security update	15 Nov 202319:14	–	debian
Debian CVE	CVE-2023-46850	11 Nov 202300:15	–	debiancve
Tenable Nessus	Debian DSA-5555-1 : openvpn - security update	15 Nov 202300:00	–	nessus
Tenable Nessus	Fedora 39 : openvpn (2023-d9d55a0bfc)	22 Nov 202300:00	–	nessus

NVD

Node

openvpn openvpnRange2.6.0–2.6.6community

openvpn openvpn_access_serverRange2.11.0–2.11.3

openvpn openvpn_access_serverRange2.12.0–2.12.2

Node

debian debian_linuxMatch12.0

fedoraproject fedoraMatch39

[
  {
    "vendor": "OpenVPN",
    "product": "OpenVPN 2 (Community)",
    "versions": [
      {
        "status": "affected",
        "version": "2.6.0",
        "lessThanOrEqual": "2.6.6",
        "versionType": "minor release"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "OpenVPN",
    "product": "Access Server",
    "platforms": [
      "Linux"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "2.11.0",
        "lessThanOrEqual": "2.11.3",
        "versionType": "patch release"
      },
      {
        "status": "affected",
        "version": "2.12.0",
        "lessThanOrEqual": "2.12.2",
        "versionType": "patch release"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/
community	www.community.openvpn.net/openvpn/wiki/CVE-2023-46850
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/
debian	www.debian.org/security/2023/dsa-5555
openvpn	www.openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/

21 Nov 2024 08:29Current

9.6High risk

Vulners AI Score9.6

CVSS 3.19.8

EPSS0.0383

SSVC

CWE-416