CVSS: 10.0EPSS: 5%CPEs: 5EXPL: 0CVE-2023-46850 – Ubuntu Security Notice USN-6484-1
https://notcve.org/view.php?id=CVE-2023-46850
11 Nov 2023 — Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer. Use after free en OpenVPN versión 2.6.0 a 2.6.6 puede provocar un comportamiento indefinido, pérdida de búferes de memoria o ejecución remota al enviar búferes de red a un par remoto. It was discovered that OpenVPN incorrectly handled the --fragment option in certain configurations. A remote attacker could possibly use this issue to cause ... • https://community.openvpn.net/openvpn/wiki/CVE-2023-46850 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 6EXPL: 0CVE-2023-46849 – Ubuntu Security Notice USN-6484-1
https://notcve.org/view.php?id=CVE-2023-46849
11 Nov 2023 — Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service. El uso de la opción --fragment en ciertas configuraciones de OpenVPN versión 2.6.0 a 2.6.6 permite a un atacante desencadenar un comportamiento de división por cero que podría provocar un bloqueo de la aplicación y provocar una denegación de servicio. It was discovered that OpenVPN incorrect... • https://community.openvpn.net/openvpn/wiki/CVE-2023-46849 • CWE-369: Divide By Zero •