FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenVPN -- server DOS and data leak in TLS handshake vulnerabilities

Affected packages
		openvpn	<	2.7.2

Details

VuXML ID	549313db-3e93-11f1-8d38-7fbbe0285610
Discovery	2026-04-19
Entry	2026-04-22

Gert Doering reports:

[Security fixes in 2.7.2]

fix race condition in TLS handshake that could lead to leaking of packet data from a previous handshake under specific circumstances (CVE-2026-40215)

fix server [termination] on receiving a suitably malformed packet with a valid tls-crypt-v2 key (CVE-2026-35058)

[source]

References

CVE Name	CVE-2026-35058
CVE Name	CVE-2026-40215
URL	https://github.com/OpenVPN/openvpn/blob/v2.7.2/Changes.rst