Skip to main content

OpenSSL EUVD-2026-35479

| CVE-2026-34183 HIGH
Improperly Controlled Sequential Memory Allocation (CWE-1325)
2026-06-09 GHSA-f5vx-f6jp-89j6
Information Disclosure OpenSSL Red Hat Suse
7.5
CVSS 3.1 · Vendor
Share

Severity by source

Vendor (CNA) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Red Hat
7.5 MEDIUM
qualitative

Primary rating from Vendor (CNA).

CVSS VectorVendor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Source Code Evidence Fetched
Jun 10, 2026 - 16:26 vuln.today
Analysis Generated
Jun 10, 2026 - 16:26 vuln.today
CVSS changed
Jun 10, 2026 - 16:22 NVD
7.5 (HIGH)
CVE Published
Jun 09, 2026 - 11:43 nvd
UNKNOWN (no severity yet)
CVE Published
Jun 09, 2026 - 11:43 nvd
HIGH 7.5

Description PRE-NVD

Disclosed via GitHub release of openssl/openssl. NVD scoring and full description are pending.

AnalysisAI

Denial of service in OpenSSL QUIC implementation allows remote unauthenticated attackers to exhaust server memory by sending crafted PATH_CHALLENGE frames that trigger unbounded memory growth in the QUIC handler. The flaw affects OpenSSL branches 3.4.x, 3.5.x, 3.6.x, and 4.0.0, and is fixed in the 4.0.1 security release alongside numerous other CVEs. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify QUIC-enabled OpenSSL endpoint
Delivery
Complete QUIC handshake over UDP
Exploit
Send flood of crafted PATH_CHALLENGE frames
Execution
Trigger unbounded allocation in handler
Persist
Exhaust process/host memory
Impact
Server OOM-kill and service outage
Sign in to reveal

Vulnerability AssessmentAI

Exploitation The target must be running OpenSSL 3.4.0-3.4.5, 3.5.0-3.5.6, 3.6.0-3.6.2, or 4.0.0 with QUIC server functionality enabled and reachable from the attacker (typically inbound UDP/443 for HTTP/3 or another QUIC-based protocol); a QUIC handshake must complete to a point where PATH_CHALLENGE frames are accepted by the handler. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H scores 7.5 and reflects a pure availability impact reachable over the network without authentication or user interaction - a classic remote DoS profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker establishes a QUIC handshake to a vulnerable OpenSSL-based server (for example an HTTP/3 endpoint) and then sends a continuous stream of crafted PATH_CHALLENGE frames, each causing the server's QUIC stack to allocate additional state without releasing it. Memory consumption grows until the process is killed by the OOM killer or the host begins paging and stops serving legitimate traffic, producing a denial of service against the targeted endpoint. …
Remediation Apply the vendor-released patches: upgrade to OpenSSL 4.0.1, 3.6.3, 3.5.7, or 3.4.6 depending on the branch in use, as published in the OpenSSL security advisory at https://openssl-library.org/news/secadv/20260609.txt and the 4.0.1 release notes at https://github.com/openssl/openssl/releases/tag/openssl-4.0.1. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all systems running OpenSSL versions 3.4.x, 3.5.x, 3.6.x, or 4.0.0 that expose QUIC endpoints. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-49440 HIGH
7.4 Jun 16

Cryptographic primality validation in Deno's Node.js compatibility layer (versions <= 2.8.0) silently skips Miller-Rabin
CVE-2026-48491 HIGH
Jun 16

mTLS bypass in Traefik 3.7.0-3.7.1 lets unauthenticated remote clients reach backends protected by wildcard-router TLSOp
CVE-2026-53622 HIGH
Jun 16

Authentication bypass in Traefik v3.6.17, v3.7.0, and v3.7.1 allows unauthenticated remote attackers to bypass router-sp

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Liberty Linux 10 Fixed
SUSE Liberty Linux 9 Fixed
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected
SUSE Linux Enterprise Server 15 SP7 Affected

Share

EUVD-2026-35479 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy