Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
2023-11-11T01:15:07.270
2025-06-11T15:15:26.793
Modified
CVSSv3.1: 7.5 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | openvpn | openvpn | ≤ 2.6.6 | Yes |
| Application | openvpn | openvpn_access_server | ≤ 2.11.3 | Yes |
| Application | openvpn | openvpn_access_server | 2.12.0 | Yes |
| Application | openvpn | openvpn_access_server | 2.12.1 | Yes |
| Operating System | debian | debian_linux | 12.0 | Yes |
| Operating System | fedoraproject | fedora | 39 | Yes |