What the vulnerability does

01Description

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.

Key dates

02Disclosure timeline

November 11, 2023 CVE published
December 16, 2025 Record updated