Vulnerabilites related to erlang - otp
CVE-2025-30211 (GCVE-0-2025-30211)
Vulnerability from cvelistv5
Published
2025-03-28 14:55
Modified
2025-03-28 15:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Summary
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names (64 characters) provided in KEX init message. Big KEX init packet may lead to inefficient processing of the error data. As a result, large amount of memory will be allocated for processing malicious data. Versions OTP-27.3.1, OTP-26.2.5.10, and OTP-25.3.2.19 fix the issue. Some workarounds are available. One may set option `parallel_login` to `false` and/or reduce the `max_sessions` option.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-28T15:10:23.043937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T15:10:37.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "otp",
"vendor": "erlang",
"versions": [
{
"status": "affected",
"version": "\u003c OTP-27.3.1"
},
{
"status": "affected",
"version": "\u003c OTP-26.2.5.10"
},
{
"status": "affected",
"version": "\u003c OTP-25.3.2.19"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names (64 characters) provided in KEX init message. Big KEX init packet may lead to inefficient processing of the error data. As a result, large amount of memory will be allocated for processing malicious data. Versions OTP-27.3.1, OTP-26.2.5.10, and OTP-25.3.2.19 fix the issue. Some workarounds are available. One may set option `parallel_login` to `false` and/or reduce the `max_sessions` option."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T14:55:47.778Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc"
}
],
"source": {
"advisory": "GHSA-vvr3-fjhh-cfwc",
"discovery": "UNKNOWN"
},
"title": "KEX init error results with excessive memory usage"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30211",
"datePublished": "2025-03-28T14:55:47.778Z",
"dateReserved": "2025-03-18T18:15:13.850Z",
"dateUpdated": "2025-03-28T15:10:37.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26618 (GCVE-0-2025-26618)
Vulnerability from cvelistv5
Published
2025-02-20 19:04
Modified
2025-02-20 20:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Summary
Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet size is not verified properly for SFTP packets. As a result when multiple SSH packets (conforming to max SSH packet size) are received by ssh, they might be combined into an SFTP packet which will exceed the max allowed packet size and potentially cause large amount of memory to be allocated. Note that situation described above can only happen for successfully authenticated users after completing the SSH handshake. This issue has been patched in OTP versions 27.2.4, 26.2.5.9, and 25.3.2.18. There are no known workarounds for this vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T20:55:12.631567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T20:55:45.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://erlang.org/download/OTP-27.2.4.README.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "otp",
"vendor": "erlang",
"versions": [
{
"status": "affected",
"version": "\u003e= OTP-27.0.0, \u003c OTP-27.2.4"
},
{
"status": "affected",
"version": "\u003e= OTP-26.0.0.0, \u003c OTP-26.2.5.9"
},
{
"status": "affected",
"version": "\u003c OTP-25.3.2.18"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet size is not verified properly for SFTP packets. As a result when multiple SSH packets (conforming to max SSH packet size) are received by ssh, they might be combined into an SFTP packet which will exceed the max allowed packet size and potentially cause large amount of memory to be allocated. Note that situation described above can only happen for successfully authenticated users after completing the SSH handshake. This issue has been patched in OTP versions 27.2.4, 26.2.5.9, and 25.3.2.18. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T19:05:07.412Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/erlang/otp/security/advisories/GHSA-78cv-45vx-q6fr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/erlang/otp/security/advisories/GHSA-78cv-45vx-q6fr"
},
{
"name": "https://github.com/erlang/otp/commit/0ed2573cbd55c92e9125c9dc70fa1ca7fed82872",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/erlang/otp/commit/0ed2573cbd55c92e9125c9dc70fa1ca7fed82872"
}
],
"source": {
"advisory": "GHSA-78cv-45vx-q6fr",
"discovery": "UNKNOWN"
},
"title": "SSH SFTP packet size not verified properly in Erlang OTP"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-26618",
"datePublished": "2025-02-20T19:04:54.691Z",
"dateReserved": "2025-02-12T14:51:02.719Z",
"dateUpdated": "2025-02-20T20:55:45.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4748 (GCVE-0-2025-4748)
Vulnerability from cvelistv5
Published
2025-06-16 11:00
Modified
2025-07-04 09:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed.
This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T15:10:47.019511Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T15:33:34.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-06-16T20:03:21.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/06/16/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"stdlib"
],
"product": "OTP",
"programFiles": [
"lib/stdlib/src/zip.erl"
],
"programRoutines": [
{
"name": "zip:unzip/1"
},
{
"name": "zip:unzip/2"
},
{
"name": "zip:extract/1"
},
{
"name": "zip:extract/2"
}
],
"repo": "https://github.com/erlang/otp",
"vendor": "Erlang",
"versions": [
{
"changes": [
{
"at": "pkg:otp/stdlib@7.0.1",
"status": "unaffected"
},
{
"at": "pkg:otp/stdlib@6.2.2.1",
"status": "unaffected"
},
{
"at": "pkg:otp/stdlib@5.2.3.4",
"status": "unaffected"
}
],
"lessThan": "pkg:otp/stdlib@*",
"status": "affected",
"version": "pkg:otp/stdlib@2.0",
"versionType": "purl"
},
{
"changes": [
{
"at": "28.0.1",
"status": "unaffected"
},
{
"at": "27.3.4.1",
"status": "unaffected"
},
{
"at": "26.2.5.13",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "17.0",
"versionType": "otp"
},
{
"changes": [
{
"at": "d9454dbccbaaad4b8796095c8e653b71b066dfaf",
"status": "unaffected"
},
{
"at": "9b7b5431260e05a16eec3ecd530a232d0995d932",
"status": "unaffected"
},
{
"at": "0ac548b57c0491196c27e39518b5f6acf9326c1e",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "07b8f441ca711f9812fad9e9115bab3c3aa92f79",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wander Nauta"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lukas Backstr\u00f6m"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Bj\u00f6rn Gustavsson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/stdlib/src/zip.erl\u003c/tt\u003e and program routines \u003ctt\u003ezip:unzip/1\u003c/tt\u003e, \u003ctt\u003ezip:unzip/2\u003c/tt\u003e, \u003ctt\u003ezip:extract/1\u003c/tt\u003e, \u003ctt\u003ezip:extract/2\u003c/tt\u003e\u003ctt\u003e\u0026nbsp;\u003c/tt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eunless the \u003ctt\u003ememory\u003c/tt\u003e option is passed.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects OTP from OTP 17.0 until OTP\u0026nbsp;28.0.1, OTP\u0026nbsp;27.3.4.1 and OTP\u0026nbsp;26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.\u003c/p\u003e"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2\u00a0unless the memory option is passed.\n\nThis issue affects OTP from OTP 17.0 until OTP\u00a028.0.1, OTP\u00a027.3.4.1 and OTP\u00a026.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4."
}
],
"impacts": [
{
"capecId": "CAPEC-597",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-597 Absolute Path Traversal"
}
]
},
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-04T09:07:32.019Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc"
},
{
"tags": [
"x_version-scheme"
],
"url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/pull/9941"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/commit/5a55feec10c9b69189d56723d8f237afa58d5d4f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/commit/ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/commit/578d4001575aa7647ea1efd4b2b7e3afadcc99a5"
}
],
"source": {
"discovery": "USER"
},
"title": "Absolute path traversal in zip:unzip/1,2",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eYou can use \u003c/span\u003e\u003ccode\u003ezip:list_dir/1\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;on the archive and verify that no files contain absolute paths before extracting the archive to disk.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "You can use zip:list_dir/1\u00a0on the archive and verify that no files contain absolute paths before extracting the archive to disk."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2025-4748",
"datePublished": "2025-06-16T11:00:54.643Z",
"dateReserved": "2025-05-15T08:36:54.783Z",
"dateUpdated": "2025-07-04T09:07:32.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46712 (GCVE-0-2025-46712)
Vulnerability from cvelistv5
Published
2025-05-08 19:26
Modified
2025-05-08 20:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-440 - Expected Behavior Violation
Summary
Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25).
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46712",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T20:02:52.990837Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T20:03:27.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "otp",
"vendor": "erlang",
"versions": [
{
"status": "affected",
"version": "\u003e= OTP 27.0, \u003c OTP 27.3.4"
},
{
"status": "affected",
"version": "\u003e= OTP 26.2.1, \u003c OTP 26.2.5.12"
},
{
"status": "affected",
"version": "\u003c OTP 25.3.2.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-440",
"description": "CWE-440: Expected Behavior Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:26:27.563Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/erlang/otp/security/advisories/GHSA-934x-xq38-hhqf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/erlang/otp/security/advisories/GHSA-934x-xq38-hhqf"
},
{
"name": "https://github.com/erlang/otp/releases/tag/OTP-25.3.2.21",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/erlang/otp/releases/tag/OTP-25.3.2.21"
},
{
"name": "https://github.com/erlang/otp/releases/tag/OTP-26.2.5.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.5.12"
},
{
"name": "https://github.com/erlang/otp/releases/tag/OTP-27.3.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/erlang/otp/releases/tag/OTP-27.3.4"
}
],
"source": {
"advisory": "GHSA-934x-xq38-hhqf",
"discovery": "UNKNOWN"
},
"title": "Erlang/OTP SSH Has Strict KEX Violations"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-46712",
"datePublished": "2025-05-08T19:26:27.563Z",
"dateReserved": "2025-04-28T20:56:09.082Z",
"dateUpdated": "2025-05-08T20:03:27.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53846 (GCVE-0-2024-53846)
Vulnerability from cvelistv5
Published
2024-12-05 17:02
Modified
2024-12-06 16:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa).
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:erlang:otp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "otp",
"vendor": "erlang",
"versions": [
{
"lessThanOrEqual": "25.3.2.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53846",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T16:04:29.566469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T16:26:57.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "otp",
"vendor": "erlang",
"versions": [
{
"status": "affected",
"version": "\u003e= 25.3.2.8, \u003c= 25.3.2.16"
},
{
"status": "affected",
"version": "\u003e= 26.2, \u003c= 26.2.5.6"
},
{
"status": "affected",
"version": "\u003e= 27.0, \u003c= 27.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T17:02:59.370Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/erlang/otp/security/advisories/GHSA-qw6r-qh9v-638v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/erlang/otp/security/advisories/GHSA-qw6r-qh9v-638v"
}
],
"source": {
"advisory": "GHSA-qw6r-qh9v-638v",
"discovery": "UNKNOWN"
},
"title": "ssl fails to validate incorrect extened key usage"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53846",
"datePublished": "2024-12-05T17:02:59.370Z",
"dateReserved": "2024-11-22T17:30:02.140Z",
"dateUpdated": "2024-12-06T16:26:57.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32433 (GCVE-0-2025-32433)
Vulnerability from cvelistv5
Published
2025-04-16 21:34
Modified
2025-08-20 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-04-25T23:03:01.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/16/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/18/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/18/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/18/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/19/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250425-0001/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32433",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-06-09",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32433"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T03:55:58.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/ProDefense/CVE-2025-32433/blob/main/CVE-2025-32433.py"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-09T00:00:00+00:00",
"value": "CVE-2025-32433 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "otp",
"vendor": "erlang",
"versions": [
{
"status": "affected",
"version": "\u003e= OTP-27.0-rc1, \u003c OTP-27.3.3"
},
{
"status": "affected",
"version": "\u003e= OTP-26.0-rc1, \u003c OTP-26.2.5.11"
},
{
"status": "affected",
"version": "\u003c OTP-25.3.2.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T21:34:37.457Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2"
},
{
"name": "https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12"
},
{
"name": "https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f"
},
{
"name": "https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891"
}
],
"source": {
"advisory": "GHSA-37cp-fgq5-7wc2",
"discovery": "UNKNOWN"
},
"title": "Erlang/OTP SSH Vulnerable to Pre-Authentication RCE"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32433",
"datePublished": "2025-04-16T21:34:37.457Z",
"dateReserved": "2025-04-08T10:54:58.368Z",
"dateUpdated": "2025-08-20T03:55:58.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}