{"id":"USN-6484-1","summary":"openvpn vulnerabilities","details":"It was discovered that OpenVPN incorrectly handled the --fragment option\nin certain configurations. A remote attacker could possibly use this issue\nto cause OpenVPN to crash, resulting in a denial of service.\n(CVE-2023-46849)\n\nIt was discovered that OpenVPN incorrectly handled certain memory\noperations. A remote attacker could use this issue to cause OpenVPN to\ncrash, obtain sensitive information, or possibly execute arbitrary code.\n(CVE-2023-46850)\n","modified":"2026-02-04T02:26:15.508692Z","published":"2023-11-16T13:09:52.156615Z","related":["CVE-2023-46849","CVE-2023-46850","UBUNTU-CVE-2023-46849","UBUNTU-CVE-2023-46850"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6484-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-46849"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-46850"}],"affected":[{"package":{"name":"openvpn","ecosystem":"Ubuntu:23.10","purl":"pkg:deb/ubuntu/openvpn@2.6.5-0ubuntu1.1?arch=source&distro=mantic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.5-0ubuntu1.1"}]}],"versions":["2.6.1-1ubuntu1","2.6.3-1ubuntu1","2.6.3-2ubuntu1","2.6.5-0ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"openvpn","binary_version":"2.6.5-0ubuntu1.1"},{"binary_name":"openvpn-dbgsym","binary_version":"2.6.5-0ubuntu1.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6484-1.json"}}],"schema_version":"1.7.3"}