ByteOS Network

▼CVE Numbering Authority (CNA)

Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.

Affected Products

Vendor

OpenVPN

Product

OpenVPN 2 (Community)

Default Status

unaffected

Versions

Affected

From 2.6.0 through 2.6.6 (minor release)

Vendor

OpenVPN

Product

Access Server

Platforms

Linux

Default Status

unaffected

Versions

Affected

From 2.11.0 through 2.11.3 (patch release)
From 2.12.0 through 2.12.1 (patch release)

Problem Types

Type	CWE ID	Description
CWE	CWE-369	CWE-369 Divide By Zero

References

Hyperlink	Resource
https://community.openvpn.net/openvpn/wiki/CVE-2023-46849	N/A
https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/	N/A
https://www.debian.org/security/2023/dsa-5555	N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/	N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/	N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://community.openvpn.net/openvpn/wiki/CVE-2023-46849	x_transferred
https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/	x_transferred
https://www.debian.org/security/2023/dsa-5555	x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/	x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/	x_transferred

2. CISA ADP Vulnrichment

Metrics

Version	Base score	Base severity	Vector
3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References