CVE-2026-34183 Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

🗓️ 09 Jun 2026 16:03:23Reported by opensslType

Remote peer can flood QUIC PATH_CHALLENGE frames, causing unbounded memory growth and DoS.

Reporter	Title	Published	Views	Family All 8
CVE	CVE-2026-34183	9 Jun 202616:03	–	cve
Debian CVE	CVE-2026-34183	9 Jun 202616:03	–	debiancve
EUVD	EUVD-2026-35479	9 Jun 202618:30	–	euvd
NVD	CVE-2026-34183	9 Jun 202617:17	–	nvd
OSV	DEBIAN-CVE-2026-34183	9 Jun 202619:47	–	osv
OSV	UBUNTU-CVE-2026-34183	9 Jun 202600:00	–	osv
Positive Technologies	PT-2026-47832	9 Jun 202600:00	–	ptsecurity
Ubuntu	USN-8414-1: OpenSSL vulnerabilities	9 Jun 202617:14	–	ubuntu

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenSSL",
    "vendor": "OpenSSL",
    "versions": [
      {
        "lessThan": "4.0.1",
        "status": "affected",
        "version": "4.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.6.3",
        "status": "affected",
        "version": "3.6.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.5.7",
        "status": "affected",
        "version": "3.5.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.4.6",
        "status": "affected",
        "version": "3.4.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/openssl/security/commit/5b306efb0b3779dfdd0803b4afc9d08c91f11517
openssl-library	www.openssl-library.org/news/secadv/20260609.txt
github	www.github.com/openssl/security/commit/d2e9efbe4900a373227deb136e8665401404ffac
github	www.github.com/openssl/security/commit/7d06955ebe0ecf8adfd4c1e92018586da47ef9ac
github	www.github.com/openssl/security/commit/fbaa83859c01ad64f497b757aaf51be7d05ed9eb

09 Jun 2026 16:03Current

CWE-1325