CVE-2023-46850

Status: Modified
Last modified: 29-11-2023
Published: 11-11-2023
9.8

SUMMARY CVE-2023-46850

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.

Access CVSS3 CVE-2023-46850

Attack Complexity Attack Vector Privileges Required Scope User Interaction
LOW NETWORK NONE UNCHANGED NONE

Impact CVSS3 CVE-2023-46850

Confidentiality Integrity Availability
HIGH HIGH HIGH

Details CVE-2023-46850

EPSS 0.00523
EPSS % 0.77131
References
CWE CWE-416
Vulnerable Configurations
  • cpe:2.3:a:openvpn:openvpn:2.6.0:-:*:*:community:*:*:*
    cpe:2.3:a:openvpn:openvpn:2.6.0:-:*:*:community:*:*:*
  • cpe:2.3:a:openvpn:openvpn:2.6.0:rc1:*:*:community:*:*:*
    cpe:2.3:a:openvpn:openvpn:2.6.0:rc1:*:*:community:*:*:*
  • cpe:2.3:a:openvpn:openvpn:2.6.0:rc2:*:*:community:*:*:*
    cpe:2.3:a:openvpn:openvpn:2.6.0:rc2:*:*:community:*:*:*
  • cpe:2.3:a:openvpn:openvpn:2.6.0:beta1:*:*:community:*:*:*
    cpe:2.3:a:openvpn:openvpn:2.6.0:beta1:*:*:community:*:*:*
  • cpe:2.3:a:openvpn:openvpn:2.6.0:beta2:*:*:community:*:*:*
    cpe:2.3:a:openvpn:openvpn:2.6.0:beta2:*:*:community:*:*:*
  • cpe:2.3:a:openvpn:openvpn:2.6.1:*:*:*:community:*:*:*
    cpe:2.3:a:openvpn:openvpn:2.6.1:*:*:*:community:*:*:*
  • cpe:2.3:a:openvpn:openvpn:2.6.2:*:*:*:community:*:*:*
    cpe:2.3:a:openvpn:openvpn:2.6.2:*:*:*:community:*:*:*
  • cpe:2.3:a:openvpn:openvpn:2.6.3:*:*:*:community:*:*:*
    cpe:2.3:a:openvpn:openvpn:2.6.3:*:*:*:community:*:*:*
  • cpe:2.3:a:openvpn:openvpn:2.6.4:*:*:*:community:*:*:*
    cpe:2.3:a:openvpn:openvpn:2.6.4:*:*:*:community:*:*:*
  • cpe:2.3:a:openvpn:openvpn:2.6.5:*:*:*:community:*:*:*
    cpe:2.3:a:openvpn:openvpn:2.6.5:*:*:*:community:*:*:*
  • cpe:2.3:a:openvpn:openvpn:2.6.6:*:*:*:community:*:*:*
    cpe:2.3:a:openvpn:openvpn:2.6.6:*:*:*:community:*:*:*
  • cpe:2.3:a:openvpn:openvpn_access_server:2.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:openvpn:openvpn_access_server:2.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openvpn:openvpn_access_server:2.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:openvpn:openvpn_access_server:2.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openvpn:openvpn_access_server:2.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:openvpn:openvpn_access_server:2.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openvpn:openvpn_access_server:2.11.3:*:*:*:*:*:*:*
    cpe:2.3:a:openvpn:openvpn_access_server:2.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openvpn:openvpn_access_server:2.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:openvpn:openvpn_access_server:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openvpn:openvpn_access_server:2.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:openvpn:openvpn_access_server:2.12.1:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
CVSS3 Source nvd@nist.gov
CVSS3 Type Primary
CVSS3 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

ATOM RSS Feed Link for CVE Vulnerabilities

CVE Data Propulsed by AKAOMA CyberSecurity