#VU82951 Use-after-free in OpenVPN for Windows - CVE-2023-46850


Vulnerability identifier: #VU82951

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-46850

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenVPN for Windows
Client/Desktop applications / Software for system administration

Vendor: OpenVPN

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to openvpn incorrectly uses a send buffer after it has been freed. Under certain circumstances the freed memory can be sent to the client peer, resulting in information disclosure. The vulnerability affects TLS configuration.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

OpenVPN for Windows: 2.6.0 - 2.6.6

External links
https://github.com/OpenVPN/openvpn/blob/v2.6.7/Changes.rst

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Gentoo update for OpenVPN
Multiple vulnerabilities in IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN Module
Fedora 39 update for openvpn
Fedora 38 update for openvpn
Ubuntu update for openvpn
Debian update for openvpn
Fedora 39 update for openvpn
Fedora 38 update for openvpn
Multiple vulnerabilities in OpenVPN