CVE-2026-11604 is a medium-severity vulnerability in OpenVPN ovpn-dco-win versions 2.0.0 through 2.8.3. An incorrect buffer size calculation in the epoch key generator allows a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, resulting in a system crash (denial of service). The CVSS score for this vulnerability is 5.6, indicating a m [truncated]
CVE-2026-40215 is a medium-severity vulnerability in OpenVPN that potentially allows remote attackers to cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion. The vulnerability affects OpenVPN versions 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1.
CVE-2026-35058 is a medium-severity vulnerability in OpenVPN, affecting versions 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1. The vulnerability is caused by improper validation of packet length during tls-crypt-v2 key extraction, allowing authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet. The CVSS score for this vulnerability is 6.9, in [truncated]
CVE-2016-6329 is a confidentiality issue in OpenVPN tied to the use of 64-bit block ciphers. NVD describes it as making it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, giving an HTTP-over-OpenVPN session using Blowfish-CBC as an example of the Sweet32 class of attacks. The NVD record lists affected OpenVPN versions up to 2.3.14 when configured with a vuln [truncated]