CVE-2023-46850

2023-11-1100:15:07

CWE-416

OpenVPN

www.cve.org

openvpn

use after free

vulnerability

memory leaks

remote execution

cve-2023-46850

9.9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.0%

JSON

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.

CNA Affected

[
  {
    "vendor": "OpenVPN",
    "product": "OpenVPN 2 (Community)",
    "versions": [
      {
        "status": "affected",
        "version": "2.6.0",
        "lessThanOrEqual": "2.6.6",
        "versionType": "minor release"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "OpenVPN",
    "product": "Access Server",
    "platforms": [
      "Linux"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "2.11.0",
        "lessThanOrEqual": "2.11.3",
        "versionType": "patch release"
      },
      {
        "status": "affected",
        "version": "2.12.0",
        "lessThanOrEqual": "2.12.2",
        "versionType": "patch release"
      }
    ],
    "defaultStatus": "unaffected"
  }
]