
FreeBSD: VID-2fe004f5-83fd-11ee-9f5d-31909fb2f495 (CVE-2023-46849): openvpn -- 2.6.0...2.6.6 --fragment option division by zero crash, and TLS data leak

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: Nov 15, 2023
Added: Nov 16, 2023
Modified: Dec 10, 2025

Description

The OpenVPN community project team reports:

CVE-2023-46849: OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore "--fragment" configuration in some circumstances, leading to a division by zero when "--fragment" is used. On platforms where division by zero is fatal, this will cause an OpenVPN crash. Reported by Niccolo Belli and WIPocket (GitHub #400, #417).

CVE-2023-46850: OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer after it has been free()d in some circumstances, causing some free()d memory to be sent to the peer. All configurations using TLS (e.g. not using --secret) are affected by this issue. (Found while tracking down CVE-2023-46849 / GitHub #400, #417.)

Solutions

freebsd-upgrade-package-openvpn
freebsd-upgrade-package-openvpn-devel