FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-25 14:24:43 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2fe004f5-83fd-11ee-9f5d-31909fb2f495openvpn -- 2.6.0...2.6.6 --fragment option division by zero crash, and TLS data leak

The OpenVPN community project team reports:

CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore "--fragment" configuration in some circumstances, leading to a division by zero when "--fragment" is used. On platforms where division by zero is fatal, this will cause an OpenVPN crash.

Reported by Niccolo Belli and WIPocket (Github #400, #417).

CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer after it has been free()d in some circumstances, causing some free()d memory to be sent to the peer. All configurations using TLS (e.g. not using --secret) are affected by this issue. (found while tracking down CVE-2023-46849 / Github #400, #417)


Discovery 2023-08-29
Entry 2023-11-15
Modified 2023-12-31
openvpn
>= 2.6.0 lt 2.6.7_1

openvpn-devel
< g20231109,1

CVE-2023-46849
CVE-2023-46850
https://github.com/OpenVPN/openvpn/blob/v2.6.7/Changes.rst#overview-of-changes-in-267