VDB

CISA-2023-46850

CISA-2023-46850 PUBLISHED

Reported by OpenVPN · Published November 11, 2023

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.

Affected Products

VendorProductVersions
OpenVPNOpenVPN 2 (Community)2.6.0
OpenVPNAccess Server2.11.0, 2.12.0
OpenVPNOpenVPN 2 (Community)2.6.0, 2.6.0
OpenVPNAccess Server2.11.0, 2.12.0, 2.11.0

Timeline

  • Nov 11, 2023 CVE Published
  • Dec 16, 2025 CVE Updated
  • Apr 26, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›