GHSA-22j3-3q48-2rmjMedium

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through...

Published
June 8, 2026
Last Modified
June 8, 2026

🔗 CVE IDs covered (1)

📋 Description

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet.

🔗 References (6)