VDB

GCVE-110-MAGEIA-2026-236

GCVE-110-MAGEIA-2026-236
Advisory Published
Vulnetix · Advisory published July 8, 2026
The updated packages fix security vulnerabilities: Possible 1-byte buffer overrun on NTLMv2 proxy responses. (CVE-2026-11771) Memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes. (CVE-2026-12932) Use-after-free bug in ack_write_buf(), triggerable by a well-timed sequence of control channel + authentication packets. (CVE-2026-12996) Use-after-free bug in tls_wrap_reneg(), triggerable by suitable sequence of dynamic tls-crypt control-channel packets. (CVE-2026-13117) Server crash on reception of suitably malformed auth-token, if --auth-gen-token external-auth is active. (CVE-2026-13122) Another memory leak on reception of suitable tls-crypt-v2 packets that could lead to an out of memory situation and server crash. (CVE-2026-13698)

Affected Products

VendorProductVersionsPlatforms
Mageiaopenvpn0 (affected), 2.6.21-1.mga9 (unaffected)
Mageiaopenvpn0 (affected), 2.6.21-1.mga10 (unaffected)

Browse GCVE Records

73,044 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›