CVE-2023-46850

Published: Nov 11, 2023

Modified: Dec 16, 2025

PUBLISHED

Description

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.

Vendor	Product	Versions
OpenVPN	OpenVPN 2 (Community)	affected `2.6.0 - <= 2.6.6`
OpenVPN	Access Server	affected `2.11.0 - <= 2.11.3` affected `2.12.0 - <= 2.12.2`

Weaknesses (CWE)

CWE-416

References

https://community.openvpn.net/openvpn/wiki/CVE-2023-46850

https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/

https://www.debian.org/security/2023/dsa-5555

https://lists.fedoraproject.org/archives/list/[email protected]/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/

https://lists.fedoraproject.org/archives/list/[email protected]/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-46850

Description

Affected Products

Weaknesses (CWE)

References