CVE-2023-46849

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 11, 2023

Updated: Nov 29, 2023

CWE ID 369

Summary

CVE-2023-46849 is a recently disclosed vulnerability in OpenVPN versions 2.6.0 to 2.6.6. This issue arises when using the --fragment option in specific configuration setups. An attacker can exploit this vulnerability, leading to a divide-by-zero error which, in turn, results in an application crash. This denial-of-service (DoS) vulnerability can disrupt OpenVPN services, potentially impacting network security and productivity. Users are urged to upgrade to the latest OpenVPN version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

OpenVPN
Debian
Fedora Operating System

Affected Vendors

openvpn
Debian
Fedora Project

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tKladc
https://www.cve.org/CVERecord?id=CVE-2023-46849
https://nvd.nist.gov/vuln/detail/CVE-2023-46849

Back to Vulnerability Database