NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-35058

Summary	Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet.
Publication Date	June 9, 2026, 5:17 a.m.
Registration Date	June 10, 2026, 4:12 a.m.
Last Update	June 9, 2026, 11:08 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://community.openvpn.net/ReleaseHistory#openvpn-2620-released-22-april-2026	security@openvpn.net
2	https://community.openvpn.net/ReleaseHistory#openvpn-272-released-22-april-2026	security@openvpn.net
3	https://community.openvpn.net/Security%20Announcements/CVE-2026-35058	security@openvpn.net
4	https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2381	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-617	到達可能なアサーション	https://cwe.mitre.org/data/definitions/617.html