{"api_version":"1","generated_at":"2026-06-10T13:42:10+00:00","cve":"CVE-2026-34183","urls":{"html":"https://cve.report/CVE-2026-34183","api":"https://cve.report/api/cve/CVE-2026-34183.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-34183","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-34183"},"summary":{"title":"Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler","description":"Issue summary: Remote peer may exhaust heap memory of the QUIC\nserver or client by flooding it with packets containing PATH_CHALLENGE\nframes.\n\nImpact summary: A malicious remote peer can cause an unbounded\nmemory allocation which can lead to an abnormal termination of the\napplication acting as a QUIC client or server and a Denial of Service.\n\nA remote peer may exhaust heap memory by flooding the local\nQUIC stack with PATH_CHALLENGE frames. The local QUIC stack\nallocates a PATH_RESPONSE frame for every PATH_CHALLENGE it receives.\nThe allocated PATH_RESPONSE frame gets freed only when the remote\npeer acknowledges reception of the PATH_RESPONSE frame which will\nnot be done by a malicious peer.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by\nthis issue. The QUIC stack is outside of OpenSSL FIPS module\nboundary.","state":"PUBLISHED","assigner":"openssl","published_at":"2026-06-09 17:17:05","updated_at":"2026-06-10 08:16:23"},"problem_types":["CWE-1325","CWE-1325 CWE-1325 Improperly Controlled Sequential Memory Allocation"],"metrics":[],"references":[{"url":"https://github.com/openssl/openssl/commit/fbaa83859c01ad64f497b757aaf51be7d05ed9eb","name":"https://github.com/openssl/openssl/commit/fbaa83859c01ad64f497b757aaf51be7d05ed9eb","refsource":"openssl-security@openssl.org","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/openssl/openssl/commit/d2e9efbe4900a373227deb136e8665401404ffac","name":"https://github.com/openssl/openssl/commit/d2e9efbe4900a373227deb136e8665401404ffac","refsource":"openssl-security@openssl.org","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/openssl/openssl/commit/5b306efb0b3779dfdd0803b4afc9d08c91f11517","name":"https://github.com/openssl/openssl/commit/5b306efb0b3779dfdd0803b4afc9d08c91f11517","refsource":"openssl-security@openssl.org","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://openssl-library.org/news/secadv/20260609.txt","name":"https://openssl-library.org/news/secadv/20260609.txt","refsource":"openssl-security@openssl.org","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/openssl/openssl/commit/7d06955ebe0ecf8adfd4c1e92018586da47ef9ac","name":"https://github.com/openssl/openssl/commit/7d06955ebe0ecf8adfd4c1e92018586da47ef9ac","refsource":"openssl-security@openssl.org","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/openssl/security/commit/5b306efb0b3779dfdd0803b4afc9d08c91f11517","name":"https://github.com/openssl/security/commit/5b306efb0b3779dfdd0803b4afc9d08c91f11517","refsource":"MITRE","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/openssl/security/commit/7d06955ebe0ecf8adfd4c1e92018586da47ef9ac","name":"https://github.com/openssl/security/commit/7d06955ebe0ecf8adfd4c1e92018586da47ef9ac","refsource":"MITRE","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/openssl/security/commit/d2e9efbe4900a373227deb136e8665401404ffac","name":"https://github.com/openssl/security/commit/d2e9efbe4900a373227deb136e8665401404ffac","refsource":"MITRE","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/openssl/security/commit/fbaa83859c01ad64f497b757aaf51be7d05ed9eb","name":"https://github.com/openssl/security/commit/fbaa83859c01ad64f497b757aaf51be7d05ed9eb","refsource":"MITRE","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-34183","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34183","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"OpenSSL","product":"OpenSSL","version":"affected 4.0.0 4.0.1 semver","platforms":[]},{"source":"CNA","vendor":"OpenSSL","product":"OpenSSL","version":"affected 3.6.0 3.6.3 semver","platforms":[]},{"source":"CNA","vendor":"OpenSSL","product":"OpenSSL","version":"affected 3.5.0 3.5.7 semver","platforms":[]},{"source":"CNA","vendor":"OpenSSL","product":"OpenSSL","version":"affected 3.4.0 3.4.6 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Abhinav Agarwal","lang":"en"},{"source":"CNA","value":"Alexandr Nedvedicky","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"OpenSSL","vendor":"OpenSSL","versions":[{"lessThan":"4.0.1","status":"affected","version":"4.0.0","versionType":"semver"},{"lessThan":"3.6.3","status":"affected","version":"3.6.0","versionType":"semver"},{"lessThan":"3.5.7","status":"affected","version":"3.5.0","versionType":"semver"},{"lessThan":"3.4.6","status":"affected","version":"3.4.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"reporter","value":"Abhinav Agarwal"},{"lang":"en","type":"remediation developer","value":"Alexandr Nedvedicky"}],"datePublic":"2026-06-09T14:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Issue summary: Remote peer may exhaust heap memory of the QUIC<br>server or client by flooding it with packets containing PATH_CHALLENGE<br>frames.<br><br>Impact summary: A malicious remote peer can cause an unbounded<br>memory allocation which can lead to an abnormal termination of the<br>application acting as a QUIC client or server and a Denial of Service.<br><br>A remote peer may exhaust heap memory by flooding the local<br>QUIC stack with PATH_CHALLENGE frames. The local QUIC stack<br>allocates a PATH_RESPONSE frame for every PATH_CHALLENGE it receives.<br>The allocated PATH_RESPONSE frame gets freed only when the remote<br>peer acknowledges reception of the PATH_RESPONSE frame which will<br>not be done by a malicious peer.<br><br>The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by<br>this issue. The QUIC stack is outside of OpenSSL FIPS module<br>boundary."}],"value":"Issue summary: Remote peer may exhaust heap memory of the QUIC\nserver or client by flooding it with packets containing PATH_CHALLENGE\nframes.\n\nImpact summary: A malicious remote peer can cause an unbounded\nmemory allocation which can lead to an abnormal termination of the\napplication acting as a QUIC client or server and a Denial of Service.\n\nA remote peer may exhaust heap memory by flooding the local\nQUIC stack with PATH_CHALLENGE frames. The local QUIC stack\nallocates a PATH_RESPONSE frame for every PATH_CHALLENGE it receives.\nThe allocated PATH_RESPONSE frame gets freed only when the remote\npeer acknowledges reception of the PATH_RESPONSE frame which will\nnot be done by a malicious peer.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by\nthis issue. The QUIC stack is outside of OpenSSL FIPS module\nboundary."}],"metrics":[{"format":"other","other":{"content":{"text":"Moderate"},"type":"https://openssl-library.org/policies/general/security-policy/"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1325","description":"CWE-1325 Improperly Controlled Sequential Memory Allocation","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-10T07:47:56.298Z","orgId":"3a12439a-ef3a-4c79-92e6-6081a721f1e5","shortName":"openssl"},"references":[{"name":"OpenSSL Advisory","tags":["vendor-advisory"],"url":"https://openssl-library.org/news/secadv/20260609.txt"},{"name":"4.0.1 git commit","tags":["patch"],"url":"https://github.com/openssl/openssl/commit/fbaa83859c01ad64f497b757aaf51be7d05ed9eb"},{"name":"3.6.3 git commit","tags":["patch"],"url":"https://github.com/openssl/openssl/commit/5b306efb0b3779dfdd0803b4afc9d08c91f11517"},{"name":"3.5.7 git commit","tags":["patch"],"url":"https://github.com/openssl/openssl/commit/7d06955ebe0ecf8adfd4c1e92018586da47ef9ac"},{"name":"3.4.6 git commit","tags":["patch"],"url":"https://github.com/openssl/openssl/commit/d2e9efbe4900a373227deb136e8665401404ffac"}],"source":{"discovery":"UNKNOWN"},"title":"Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"3a12439a-ef3a-4c79-92e6-6081a721f1e5","assignerShortName":"openssl","cveId":"CVE-2026-34183","datePublished":"2026-06-09T16:03:23.623Z","dateReserved":"2026-03-26T09:29:36.013Z","dateUpdated":"2026-06-10T07:47:56.298Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-09 17:17:05","lastModifiedDate":"2026-06-10 08:16:23","problem_types":["CWE-1325","CWE-1325 CWE-1325 Improperly Controlled Sequential Memory Allocation"],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"34183","Ordinal":"1","Title":"Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler","CVE":"CVE-2026-34183","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"34183","Ordinal":"1","NoteData":"Issue summary: Remote peer may exhaust heap memory of the QUIC\nserver or client by flooding it with packets containing PATH_CHALLENGE\nframes.\n\nImpact summary: A malicious remote peer can cause an unbounded\nmemory allocation which can lead to an abnormal termination of the\napplication acting as a QUIC client or server and a Denial of Service.\n\nA remote peer may exhaust heap memory by flooding the local\nQUIC stack with PATH_CHALLENGE frames. The local QUIC stack\nallocates a PATH_RESPONSE frame for every PATH_CHALLENGE it receives.\nThe allocated PATH_RESPONSE frame gets freed only when the remote\npeer acknowledges reception of the PATH_RESPONSE frame which will\nnot be done by a malicious peer.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by\nthis issue. The QUIC stack is outside of OpenSSL FIPS module\nboundary.","Type":"Description","Title":"Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler"}]}}}