Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Denial Of Service
Use After Free
Openvpn
Openvpn Access Server
+2
NVD
VulDB
CVSS 3.1
9.8
EPSS
2.0%