CVE-2023-46849
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-46849
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46849.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-46849
- Related
- Published
- 2023-11-11T01:15:07Z
- Modified
- 2024-06-06T14:28:30.985321Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
- References
-
- https://community.openvpn.net/openvpn/wiki/CVE-2023-46849
- https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/
- https://www.debian.org/security/2023/dsa-5555
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/
Affected packages
Alpine:v3.18 / openvpn
Package
- Name
- openvpn
- Purl
- pkg:apk/alpine/openvpn?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.6.7-r0
Affected versions
2.*
2.0.9-r0
2.0.9-r1
2.0.9-r2
2.1.1-r0
2.1.1-r1
2.1.1-r2
2.1.3-r0
2.1.4-r0
2.1.4-r1
2.2.0-r0
2.2.0-r1
2.2.0-r2
2.2.2-r0
2.3.0-r0
2.3.1-r0
2.3.2-r0
2.3.2-r1
2.3.2-r2
2.3.3-r0
2.3.4-r0
2.3.5-r0
2.3.6-r0
2.3.6-r1
2.3.7-r0
2.3.8-r0
2.3.8-r1
2.3.9-r0
2.3.10-r0
2.3.10-r1
2.3.10-r2
2.3.11-r0
2.3.12-r0
2.3.12-r1
2.3.14-r0
2.4.0-r0
2.4.1-r0
2.4.1-r1
2.4.2-r0
2.4.3-r0
2.4.4-r0
2.4.4-r1
2.4.5-r0
2.4.5-r1
2.4.6-r0
2.4.6-r1
2.4.6-r2
2.4.6-r3
2.4.6-r4
2.4.6-r5
2.4.7-r0
2.4.7-r1
2.4.8-r0
2.4.8-r1
2.4.8-r2
2.4.8-r3
2.4.8-r4
2.4.9-r0
2.5.0-r0
2.5.0-r1
2.5.1-r0
2.5.2-r0
2.5.3-r0
2.5.3-r1
2.5.4-r0
2.5.4-r1
2.5.5-r0
2.5.6-r0
2.5.6-r1
2.5.7-r0
2.5.8-r0
2.6.0-r0
2.6.1-r0
2.6.2-r0
2.6.2-r1
2.6.3-r0
2.6.4-r0
2.6.5-r0
Alpine:v3.19 / openvpn
Package
- Name
- openvpn
- Purl
- pkg:apk/alpine/openvpn?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.6.7-r0
Affected versions
2.*
2.0.9-r0
2.0.9-r1
2.0.9-r2
2.1.1-r0
2.1.1-r1
2.1.1-r2
2.1.3-r0
2.1.4-r0
2.1.4-r1
2.2.0-r0
2.2.0-r1
2.2.0-r2
2.2.2-r0
2.3.0-r0
2.3.1-r0
2.3.2-r0
2.3.2-r1
2.3.2-r2
2.3.3-r0
2.3.4-r0
2.3.5-r0
2.3.6-r0
2.3.6-r1
2.3.7-r0
2.3.8-r0
2.3.8-r1
2.3.9-r0
2.3.10-r0
2.3.10-r1
2.3.10-r2
2.3.11-r0
2.3.12-r0
2.3.12-r1
2.3.14-r0
2.4.0-r0
2.4.1-r0
2.4.1-r1
2.4.2-r0
2.4.3-r0
2.4.4-r0
2.4.4-r1
2.4.5-r0
2.4.5-r1
2.4.6-r0
2.4.6-r1
2.4.6-r2
2.4.6-r3
2.4.6-r4
2.4.6-r5
2.4.7-r0
2.4.7-r1
2.4.8-r0
2.4.8-r1
2.4.8-r2
2.4.8-r3
2.4.8-r4
2.4.9-r0
2.5.0-r0
2.5.0-r1
2.5.1-r0
2.5.2-r0
2.5.3-r0
2.5.3-r1
2.5.4-r0
2.5.4-r1
2.5.5-r0
2.5.6-r0
2.5.6-r1
2.5.7-r0
2.5.8-r0
2.6.0-r0
2.6.1-r0
2.6.2-r0
2.6.2-r1
2.6.3-r0
2.6.4-r0
2.6.5-r0
2.6.6-r0
Alpine:v3.20 / openvpn
Package
- Name
- openvpn
- Purl
- pkg:apk/alpine/openvpn?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.6.7-r0
Affected versions
2.*
2.0.9-r0
2.0.9-r1
2.0.9-r2
2.1.1-r0
2.1.1-r1
2.1.1-r2
2.1.3-r0
2.1.4-r0
2.1.4-r1
2.2.0-r0
2.2.0-r1
2.2.0-r2
2.2.2-r0
2.3.0-r0
2.3.1-r0
2.3.2-r0
2.3.2-r1
2.3.2-r2
2.3.3-r0
2.3.4-r0
2.3.5-r0
2.3.6-r0
2.3.6-r1
2.3.7-r0
2.3.8-r0
2.3.8-r1
2.3.9-r0
2.3.10-r0
2.3.10-r1
2.3.10-r2
2.3.11-r0
2.3.12-r0
2.3.12-r1
2.3.14-r0
2.4.0-r0
2.4.1-r0
2.4.1-r1
2.4.2-r0
2.4.3-r0
2.4.4-r0
2.4.4-r1
2.4.5-r0
2.4.5-r1
2.4.6-r0
2.4.6-r1
2.4.6-r2
2.4.6-r3
2.4.6-r4
2.4.6-r5
2.4.7-r0
2.4.7-r1
2.4.8-r0
2.4.8-r1
2.4.8-r2
2.4.8-r3
2.4.8-r4
2.4.9-r0
2.5.0-r0
2.5.0-r1
2.5.1-r0
2.5.2-r0
2.5.3-r0
2.5.3-r1
2.5.4-r0
2.5.4-r1
2.5.5-r0
2.5.6-r0
2.5.6-r1
2.5.7-r0
2.5.8-r0
2.6.0-r0
2.6.1-r0
2.6.2-r0
2.6.2-r1
2.6.3-r0
2.6.4-r0
2.6.5-r0
2.6.6-r0