Errata patches for IPsec have been released for OpenBSD 6.3 and 6.2. Incorrect handling of fragmented IPsec packets could result in a system crash.
Binary updates for the amd64, i386, and arm64 platforms are available via the syspatch utility. Source code patches can be found on the respective errata pages: https://www.openbsd.org/errata62.html https://www.openbsd.org/errata63.html As these affect the kernel, a reboot will be needed after patching.