CVE-2023-46849

Published: Nov 11, 2023

Modified: Jun 11, 2025

PUBLISHED

Description

Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.

Vendor	Product	Versions
OpenVPN	OpenVPN 2 (Community)	affected `2.6.0 - <= 2.6.6`
OpenVPN	Access Server	affected `2.11.0 - <= 2.11.3` affected `2.12.0 - <= 2.12.1`

Weaknesses (CWE)

CWE-369

References

https://community.openvpn.net/openvpn/wiki/CVE-2023-46849

https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/

https://www.debian.org/security/2023/dsa-5555

https://lists.fedoraproject.org/archives/list/[email protected]/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/

https://lists.fedoraproject.org/archives/list/[email protected]/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-46849

Description

Affected Products

Weaknesses (CWE)

References