Main Vulnerability Database Vulnerabilities #VU82951

Use-after-free in OpenVPN for Windows - CVE-2023-46850

Published: November 10, 2023

Vulnerability identifier: #VU82951

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-46850

CWE-ID: CWE-416

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
OpenVPN for Windows

Software vendor:
OpenVPN

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to openvpn incorrectly uses a send buffer after it has been freed. Under certain circumstances the freed memory can be sent to the client peer, resulting in information disclosure. The vulnerability affects TLS configuration.

Remediation

Install updates from vendor's website.

External links

https://github.com/OpenVPN/openvpn/blob/v2.6.7/Changes.rst

Use-after-free in OpenVPN for Windows - CVE-2023-46850

Description

Remediation

External links

Please verify you're human