Logo
Retour à la veille

CVE-2026-35058

Publié : 8 juin 2026
Modifié : 8 juin 2026
Lien officiel NVD

Description détaillée

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet.

Références et Patchs

https://community.openvpn.net/ReleaseHistory#openvpn-2620-released-22-april-2026https://community.openvpn.net/ReleaseHistory#openvpn-272-released-22-april-2026https://community.openvpn.net/Security%20Announcements/CVE-2026-35058https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2381

Dernières Vulnérabilités

CVE-2026-11701

Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

VOIR DÉTAILS

CVE-2026-11700

Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

VOIR DÉTAILS

CVE-2026-11699

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

VOIR DÉTAILS