PT-2026-36643 · Openvpn · Openvpn
Published
2026-04-20
·
Updated
2026-05-20
·
CVE-2026-35058
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
OpenVPN (affected versions not specified)
Description
An issue exists in the
tls crypt v2 extract client key() function where an uncontrolled assertion is reachable. A remote attacker can trigger a denial of service by sending a suitably malformed packet containing a valid tls-crypt-v2 key, causing the server to execute an ASSERT() failure.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Assertion Failure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openvpn