VDB
GCVE-110-MAGEIA-2026-236
GCVE-110-MAGEIA-2026-236
Advisory Published
The updated packages fix security vulnerabilities:
Possible 1-byte buffer overrun on NTLMv2 proxy responses.
(CVE-2026-11771)
Memory-leak in tls-crypt-v2 client key handling that could lead to
out-of-memory situations and subsequent server crashes. (CVE-2026-12932)
Use-after-free bug in ack_write_buf(), triggerable by a well-timed
sequence of control channel + authentication packets. (CVE-2026-12996)
Use-after-free bug in tls_wrap_reneg(), triggerable by suitable sequence
of dynamic tls-crypt control-channel packets. (CVE-2026-13117)
Server crash on reception of suitably malformed auth-token, if
--auth-gen-token external-auth is active. (CVE-2026-13122)
Another memory leak on reception of suitable tls-crypt-v2 packets that
could lead to an out of memory situation and server crash.
(CVE-2026-13698)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | openvpn | 0 (affected), 2.6.21-1.mga9 (unaffected) | — |
| Mageia | openvpn | 0 (affected), 2.6.21-1.mga10 (unaffected) | — |
References
Browse GCVE Records
73,044 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.