#VU82951 Use-after-free in OpenVPN


Published: 2023-11-10

Vulnerability identifier: #VU82951

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-46850

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenVPN
Server applications / Remote access servers, VPN

Vendor: openvpn.net

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to openvpn incorrectly uses a send buffer after it has been freed. Under certain circumstances the freed memory can be sent to the client peer, resulting in information disclosure. The vulnerability affects TLS configuration.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

OpenVPN: 2.6.0 - 2.6.6

External links
http://github.com/OpenVPN/openvpn/blob/v2.6.7/Changes.rst

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN Module
Fedora 39 update for openvpn
Fedora 38 update for openvpn
Ubuntu update for openvpn
Debian update for openvpn
Fedora 39 update for openvpn
Fedora 38 update for openvpn
Multiple vulnerabilities in OpenVPN