Описание
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| openvpn | fixed | 2.6.7-1 | package | |
| openvpn | not-affected | bullseye | package | |
| openvpn | not-affected | buster | package |
Примечания
https://community.openvpn.net/openvpn/wiki/CVE-2023-46849
https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/
Fixed by: https://github.com/OpenVPN/openvpn/commit/1cfca659244e362f372d9843351257f456392a2f (v2.6.7)
EPSS
Связанные уязвимости
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
Уязвимость опции --fragment программного обеспечения OpenVPN, связанная с ошибками при делении на ноль, позволяющая нарушителю вызвать отказ в обслуживании
EPSS