CVE-2023-46850: Incorrect use of send buffer can cause memory to be sent to peer
OpenVPN 2.6 from v2.6.0 up to and including v2.6.6 incorrectly uses a send buffer after it has been free()d in some circumstances, causing some free()d memory to be sent to the peer. All configurations using TLS (e.g. not using --secret) are affected by this issue.
This issue is resolved in OpenVPN 2.6.7.
MITRE entry: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46850
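A triage check for the affected range described above, as an added example that is not part of the advisory or of OpenVPN's own code: it takes the first line of `openvpn --version` and a configuration file, and reports a host as affected when the version is 2.6.0 through 2.6.6 and the configuration does not select static-key mode with `secret`. The function names, banners and configurations are constructed for illustration.

```python
import re

AFFECTED_MIN = (2, 6, 0)  # first affected release named in the advisory
AFFECTED_MAX = (2, 6, 6)  # last affected release; 2.6.7 resolves the issue

def parse_version(banner):
    """Return (major, minor, patch) from the first line of `openvpn --version`."""
    m = re.match(r"\s*OpenVPN\s+(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(p) for p in m.groups()) if m else None

def uses_static_key(config_text):
    """True if the config selects static-key mode: `secret <file>` or inline <secret>."""
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0][0] in "#;":
            continue  # blank line or comment
        if tokens[0].lstrip("-") in ("secret", "<secret>"):
            return True
    return False

def assess(banner, config_text):
    """Classify one host from its version banner and configuration."""
    version = parse_version(banner)
    if version is None:
        return "unknown"
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "not_affected_version"
    if uses_static_key(config_text):
        return "not_affected_static_key"
    return "affected"

# Constructed sample inputs (not taken from the advisory).
TLS_CONFIG = "client\nremote vpn.example.net 1194\nca ca.crt\ncert client.crt\nkey client.key\n"
STATIC_CONFIG = "remote vpn.example.net 1194\n# pre-shared key mode\nsecret static.key\n"

if __name__ == "__main__":
    for banner, cfg in [
        ("OpenVPN 2.6.6 x86_64-pc-linux-gnu [SSL (OpenSSL)]", TLS_CONFIG),
        ("OpenVPN 2.6.7 x86_64-pc-linux-gnu [SSL (OpenSSL)]", TLS_CONFIG),
        ("OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)]", STATIC_CONFIG),
    ]:
        print(banner.split()[1], assess(banner, cfg))
```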
Last modified on 11/09/23 15:24:35