{"id":"USN-6484-1","summary":"openvpn vulnerabilities","details":"It was discovered that OpenVPN incorrectly handled the --fragment option\nin certain configurations. A remote attacker could possibly use this issue\nto cause OpenVPN to crash, resulting in a denial of service.\n(CVE-2023-46849)\n\nIt was discovered that OpenVPN incorrectly handled certain memory\noperations. A remote attacker could use this issue to cause OpenVPN to\ncrash, obtain sensitive information, or possibly execute arbitrary code.\n(CVE-2023-46850)\n","modified":"2026-01-30T01:41:38.582849Z","published":"2023-11-16T13:09:52.156615Z","related":["CVE-2023-46849","CVE-2023-46850","UBUNTU-CVE-2023-46849","UBUNTU-CVE-2023-46850"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6484-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-46849"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-46850"}],"affected":[{"package":{"name":"openvpn","ecosystem":"Ubuntu:23.10","purl":"pkg:deb/ubuntu/openvpn@2.6.5-0ubuntu1.1?arch=source&distro=mantic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.5-0ubuntu1.1"}]}],"versions":["2.6.1-1ubuntu1","2.6.3-1ubuntu1","2.6.3-2ubuntu1","2.6.5-0ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.6.5-0ubuntu1.1","binary_name":"openvpn"},{"binary_version":"2.6.5-0ubuntu1.1","binary_name":"openvpn-dbgsym"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6484-1.json"}}],"schema_version":"1.7.3"}