2250098 – (CVE-2023-46850) CVE-2023-46850 openvpn: Incorrect use of send buffer can cause memory to be sent to peer

Bug 2250098 (CVE-2023-46850) - CVE-2023-46850 openvpn: Incorrect use of send buffer can cause memory to be sent to peer

Summary: CVE-2023-46850 openvpn: Incorrect use of send buffer can cause memory to be s...

Keywords:
Status:	NEW
Alias:	CVE-2023-46850
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2250099 2250100
Blocks:
TreeView+	depends on / blocked

Reported:	2023-11-16 16:21 UTC by Mauro Matteo Cascella
Modified:	2023-11-16 16:22 UTC (History)
CC List:	0 users
Fixed In Version:	openvpn 2.12.2
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Mauro Matteo Cascella 2023-11-16 16:21:49 UTC

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.

References:
https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/
https://community.openvpn.net/openvpn/wiki/CVE-2023-46850

Comment 1 Mauro Matteo Cascella 2023-11-16 16:22:07 UTC

Created openvpn tracking bugs for this issue:

Affects: epel-all [bug 2250099]
Affects: fedora-all [bug 2250100]

Note You need to log in before you can comment on or make changes to this bug.