VDB
CISA-2023-46850
CISA-2023-46850
PUBLISHED
Reported by OpenVPN · Published November 11, 2023
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenVPN | OpenVPN 2 (Community) | 2.6.0 |
| OpenVPN | Access Server | 2.11.0, 2.12.0 |
| OpenVPN | OpenVPN 2 (Community) | 2.6.0, 2.6.0 |
| OpenVPN | Access Server | 2.11.0, 2.12.0, 2.11.0 |
Timeline
- Nov 11, 2023 CVE Published
- Dec 16, 2025 CVE Updated
- Apr 26, 2026 Distribution Patch