CVE-2023-46850

Status: Modified

Last modified: 29-11-2023

Published: 11-11-2023

9.8

SUMMARY CVE-2023-46850

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.

Access CVSS3 CVE-2023-46850

Attack Complexity	Attack Vector	Privileges Required	Scope	User Interaction
LOW	NETWORK	NONE	UNCHANGED	NONE

Impact CVSS3 CVE-2023-46850

Confidentiality	Integrity	Availability
HIGH	HIGH	HIGH

Details CVE-2023-46850

EPSS	0.00559
EPSS %	0.77999
References	https://community.openvpn.net/openvpn/wiki/CVE-2023-46850 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/ https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/ https://www.debian.org/security/2023/dsa-5555
CWE	CWE-416
Vulnerable Configurations	cpe:2.3:a:openvpn:openvpn:2.6.0:-:::community:::* cpe:2.3:a:openvpn:openvpn:2.6.0:-:::community:::* cpe:2.3:a:openvpn:openvpn:2.6.0:rc1:::community:::* cpe:2.3:a:openvpn:openvpn:2.6.0:rc1:::community:::* cpe:2.3:a:openvpn:openvpn:2.6.0:rc2:::community:::* cpe:2.3:a:openvpn:openvpn:2.6.0:rc2:::community:::* cpe:2.3:a:openvpn:openvpn:2.6.0:beta1:::community:::* cpe:2.3:a:openvpn:openvpn:2.6.0:beta1:::community:::* cpe:2.3:a:openvpn:openvpn:2.6.0:beta2:::community:::* cpe:2.3:a:openvpn:openvpn:2.6.0:beta2:::community:::* cpe:2.3:a:openvpn:openvpn:2.6.1::::community::: cpe:2.3:a:openvpn:openvpn:2.6.1::::community::: cpe:2.3:a:openvpn:openvpn:2.6.2::::community::: cpe:2.3:a:openvpn:openvpn:2.6.2::::community::: cpe:2.3:a:openvpn:openvpn:2.6.3::::community::: cpe:2.3:a:openvpn:openvpn:2.6.3::::community::: cpe:2.3:a:openvpn:openvpn:2.6.4::::community::: cpe:2.3:a:openvpn:openvpn:2.6.4::::community::: cpe:2.3:a:openvpn:openvpn:2.6.5::::community::: cpe:2.3:a:openvpn:openvpn:2.6.5::::community::: cpe:2.3:a:openvpn:openvpn:2.6.6::::community::: cpe:2.3:a:openvpn:openvpn:2.6.6::::community::: cpe:2.3:a:openvpn:openvpn_access_server:2.11.0:::::::* cpe:2.3:a:openvpn:openvpn_access_server:2.11.0:::::::* cpe:2.3:a:openvpn:openvpn_access_server:2.11.1:::::::* cpe:2.3:a:openvpn:openvpn_access_server:2.11.1:::::::* cpe:2.3:a:openvpn:openvpn_access_server:2.11.2:::::::* cpe:2.3:a:openvpn:openvpn_access_server:2.11.2:::::::* cpe:2.3:a:openvpn:openvpn_access_server:2.11.3:::::::* cpe:2.3:a:openvpn:openvpn_access_server:2.11.3:::::::* cpe:2.3:a:openvpn:openvpn_access_server:2.12.0:::::::* cpe:2.3:a:openvpn:openvpn_access_server:2.12.0:::::::* cpe:2.3:a:openvpn:openvpn_access_server:2.12.1:::::::* cpe:2.3:a:openvpn:openvpn_access_server:2.12.1:::::::* cpe:2.3:o:debian:debian_linux:12.0:::::::* cpe:2.3:o:debian:debian_linux:12.0:::::::* cpe:2.3:o:fedoraproject:fedora:39:::::::* cpe:2.3:o:fedoraproject:fedora:39:::::::*
CVSS3 Source	nvd@nist.gov
CVSS3 Type	Primary
CVSS3 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

ATOM RSS Feed Link for CVE Vulnerabilities

CVE Data Propulsed by AKAOMA CyberSecurity