CVE-2023-46850 - Vulnerability Details

Vendors	Products
Debian	Debian Linux
Fedoraproject	Fedora
Openvpn	Openvpn Openvpn Access Server

Link	Providers
https://community.openvpn.net/openvpn/wiki/CVE-2023-46850
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/
https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/
https://www.debian.org/security/2023/dsa-5555

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'None', 'Technical Impact': 'Total'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-46850", "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "state": "PUBLISHED", "assignerShortName": "OpenVPN", "dateReserved": "2023-10-27T13:38:49.496Z", "datePublished": "2023-11-11T00:15:07.076Z", "dateUpdated": "2025-02-13T17:14:45.269Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN", "dateUpdated": "2023-11-29T02:06:20.991Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-416", "description": "CWE-416 Use After Free", "type": "CWE"}]}], "affected": [{"vendor": "OpenVPN", "product": "OpenVPN 2 (Community)", "versions": [{"status": "affected", "version": "2.6.0", "lessThanOrEqual": "2.6.6", "versionType": "minor release"}], "defaultStatus": "unaffected"}, {"vendor": "OpenVPN", "product": "Access Server", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "2.11.0", "lessThanOrEqual": "2.11.3", "versionType": "patch release"}, {"status": "affected", "version": "2.12.0", "lessThanOrEqual": "2.12.2", "versionType": "patch release"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer."}], "references": [{"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850"}, {"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"}, {"url": "https://www.debian.org/security/2023/dsa-5555"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:53:21.910Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850", "tags": ["x_transferred"]}, {"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5555", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-08T21:43:36.505056Z", "id": "CVE-2023-46850", "options": [{"Exploitation": "None"}, {"Automatable": "yes"}, {"Technical Impact": "Total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-08T21:44:02.391Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-46850 (string)

assignerOrgId : 36a55730-e66d-4d39-8ca6-3c3b3017965e (string)

state : PUBLISHED (string)

assignerShortName : OpenVPN (string)

dateReserved : 2023-10-27T13:38:49.496Z (string)

datePublished : 2023-11-11T00:15:07.076Z (string)

dateUpdated : 2025-02-13T17:14:45.269Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 36a55730-e66d-4d39-8ca6-3c3b3017965e (string)

shortName : OpenVPN (string)

dateUpdated : 2023-11-29T02:06:20.991Z (string)

}

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

cweId : CWE-416 (string)

description : CWE-416 Use After Free (string)

type : CWE (string)

}

]

}

]

affected : [ »

0 : { »

vendor : OpenVPN (string)

product : OpenVPN 2 (Community) (string)

versions : [ »

0 : { »

status : affected (string)

version : 2.6.0 (string)

lessThanOrEqual : 2.6.6 (string)

versionType : minor release (string)

}

]

defaultStatus : unaffected (string)

}

1 : { »

vendor : OpenVPN (string)

product : Access Server (string)

platforms : [ »

0 : Linux (string)

]

versions : [ »

0 : { »

status : affected (string)

version : 2.11.0 (string)

lessThanOrEqual : 2.11.3 (string)

versionType : patch release (string)

}

1 : { »

status : affected (string)

version : 2.12.0 (string)

lessThanOrEqual : 2.12.2 (string)

versionType : patch release (string)

}

]

defaultStatus : unaffected (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer. (string)

}

]

references : [ »

0 : { »

url : https://community.openvpn.net/openvpn/wiki/CVE-2023-46850 (string)

}

1 : { »

url : https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/ (string)

}

2 : { »

url : https://www.debian.org/security/2023/dsa-5555 (string)

}

3 : { »

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/ (string)

}

4 : { »

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/ (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T20:53:21.910Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://community.openvpn.net/openvpn/wiki/CVE-2023-46850 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/ (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://www.debian.org/security/2023/dsa-5555 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/ (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/ (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-01-08T21:43:36.505056Z (string)

id : CVE-2023-46850 (string)

options : [ »

0 : { »

Exploitation : None (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : Total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-01-08T21:44:02.391Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850", "tags": ["x_transferred"]}, {"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5555", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:53:21.910Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-46850", "role": "CISA Coordinator", "options": [{"Exploitation": "None"}, {"Automatable": "yes"}, {"Technical Impact": "Total"}], "version": "2.0.3", "timestamp": "2025-01-08T21:43:36.505056Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-08T21:43:47.674Z"}}], "cna": {"affected": [{"vendor": "OpenVPN", "product": "OpenVPN 2 (Community)", "versions": [{"status": "affected", "version": "2.6.0", "versionType": "minor release", "lessThanOrEqual": "2.6.6"}], "defaultStatus": "unaffected"}, {"vendor": "OpenVPN", "product": "Access Server", "versions": [{"status": "affected", "version": "2.11.0", "versionType": "patch release", "lessThanOrEqual": "2.11.3"}, {"status": "affected", "version": "2.12.0", "versionType": "patch release", "lessThanOrEqual": "2.12.2"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850"}, {"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"}, {"url": "https://www.debian.org/security/2023/dsa-5555"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"}], "descriptions": [{"lang": "en", "value": "Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN", "dateUpdated": "2023-11-29T02:06:20.991Z"}}}, "cveMetadata": {"cveId": "CVE-2023-46850", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:14:45.269Z", "dateReserved": "2023-10-27T13:38:49.496Z", "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "datePublished": "2023-11-11T00:15:07.076Z", "assignerShortName": "OpenVPN"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://community.openvpn.net/openvpn/wiki/CVE-2023-46850 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/ (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://www.debian.org/security/2023/dsa-5555 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/ (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/ (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T20:53:21.910Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-46850 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : None (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : Total (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-01-08T21:43:36.505056Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-01-08T21:43:47.674Z (string)

}

]

cna : { »

affected : [ »

0 : { »

vendor : OpenVPN (string)

product : OpenVPN 2 (Community) (string)

versions : [ »

0 : { »

status : affected (string)

version : 2.6.0 (string)

versionType : minor release (string)

lessThanOrEqual : 2.6.6 (string)

}

]

defaultStatus : unaffected (string)

}

1 : { »

vendor : OpenVPN (string)

product : Access Server (string)

versions : [ »

0 : { »

status : affected (string)

version : 2.11.0 (string)

versionType : patch release (string)

lessThanOrEqual : 2.11.3 (string)

}

1 : { »

status : affected (string)

version : 2.12.0 (string)

versionType : patch release (string)

lessThanOrEqual : 2.12.2 (string)

}

]

platforms : [ »

0 : Linux (string)

]

defaultStatus : unaffected (string)

}

]

references : [ »

0 : { »

url : https://community.openvpn.net/openvpn/wiki/CVE-2023-46850 (string)

}

1 : { »

url : https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/ (string)

}

2 : { »

url : https://www.debian.org/security/2023/dsa-5555 (string)

}

3 : { »

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/ (string)

}

4 : { »

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/ (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-416 (string)

description : CWE-416 Use After Free (string)

}

]

}

]

providerMetadata : { »

orgId : 36a55730-e66d-4d39-8ca6-3c3b3017965e (string)

shortName : OpenVPN (string)

dateUpdated : 2023-11-29T02:06:20.991Z (string)

}

cveMetadata : { »

cveId : CVE-2023-46850 (string)

state : PUBLISHED (string)

dateUpdated : 2025-02-13T17:14:45.269Z (string)

dateReserved : 2023-10-27T13:38:49.496Z (string)

assignerOrgId : 36a55730-e66d-4d39-8ca6-3c3b3017965e (string)

datePublished : 2023-11-11T00:15:07.076Z (string)

assignerShortName : OpenVPN (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*", "matchCriteriaId": "3A398A7A-395F-4CA8-9D72-1DDD337D5074", "versionEndIncluding": "2.6.6", "versionStartIncluding": "2.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "54464223-5988-40E7-B94B-D7B8DE999704", "versionEndIncluding": "2.11.3", "versionStartIncluding": "2.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B8D0B4E-A0BF-4A33-9031-987D8BD45F65", "versionEndExcluding": "2.12.2", "versionStartIncluding": "2.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer."}, {"lang": "es", "value": "Use after free en OpenVPN versi\u00f3n 2.6.0 a 2.6.6 puede provocar un comportamiento indefinido, p\u00e9rdida de b\u00faferes de memoria o ejecuci\u00f3n remota al enviar b\u00faferes de red a un par remoto."}], "id": "CVE-2023-46850", "lastModified": "2024-11-21T08:29:25.480", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-11T01:15:07.357", "references": [{"source": "security@openvpn.net", "tags": ["Vendor Advisory"], "url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850"}, {"source": "security@openvpn.net", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"}, {"source": "security@openvpn.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"}, {"source": "security@openvpn.net", "tags": ["Vendor Advisory"], "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"}, {"source": "security@openvpn.net", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5555"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5555"}], "sourceIdentifier": "security@openvpn.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "security@openvpn.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:* (string)

matchCriteriaId : 3A398A7A-395F-4CA8-9D72-1DDD337D5074 (string)

versionEndIncluding : 2.6.6 (string)

versionStartIncluding : 2.6.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 54464223-5988-40E7-B94B-D7B8DE999704 (string)

versionEndIncluding : 2.11.3 (string)

versionStartIncluding : 2.11.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 2B8D0B4E-A0BF-4A33-9031-987D8BD45F65 (string)

versionEndExcluding : 2.12.2 (string)

versionStartIncluding : 2.12.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 46D69DCC-AE4D-4EA5-861C-D60951444C6C (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* (string)

matchCriteriaId : B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer. (string)

}

1 : { »

lang : es (string)

value : Use after free en OpenVPN versión 2.6.0 a 2.6.6 puede provocar un comportamiento indefinido, pérdida de búferes de memoria o ejecución remota al enviar búferes de red a un par remoto. (string)

}

]

id : CVE-2023-46850 (string)

lastModified : 2024-11-21T08:29:25.480 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-11-11T01:15:07.357 (string)

references : [ »

0 : { »

source : security@openvpn.net (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://community.openvpn.net/openvpn/wiki/CVE-2023-46850 (string)

}

1 : { »

source : security@openvpn.net (string)

tags : [ »

0 : Mailing List (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/ (string)

}

2 : { »

source : security@openvpn.net (string)

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/ (string)

}

3 : { »

source : security@openvpn.net (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/ (string)

}

4 : { »

source : security@openvpn.net (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.debian.org/security/2023/dsa-5555 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://community.openvpn.net/openvpn/wiki/CVE-2023-46850 (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/ (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/ (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/ (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.debian.org/security/2023/dsa-5555 (string)

}

]

sourceIdentifier : security@openvpn.net (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-416 (string)

}

]

source : security@openvpn.net (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-416 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation None

Automatable yes

Technical Impact Total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation None

Automatable yes

Technical Impact Total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object