Openssl · Openssl · CVE-2026-34183
**Name of the Vulnerable Software and Affected Versions**
OpenSSL (affected versions not specified)
**Description**
A remote peer can cause unbounded memory allocation leading to a Denial of Service and abnormal termination of an application acting as a QUIC client or server. This occurs when a malicious peer floods the local QUIC stack with PATH CHALLENGE frames. The stack allocates a PATH RESPONSE frame for every received PATH CHALLENGE, but these frames are only freed once the remote peer acknowledges their reception, which a malicious actor will not do, resulting in heap memory exhaustion.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.