10 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-53846
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design...
Erlang/OTP 25.3.2.8 < 25.3.2.16 / 26.2 < 26.2.5.6 / 27.0 < 27.1.3 Improper Certificate Validation (CVE-2024-53846)
The version of Erlang/OTP installed on the remote host is 25.3.2.8 prior to 25.3.2.16, 26.2 prior to 26.2.5.6, or 27.0 prior to 27.1.3. It is, therefore, affected by an improper certificate validation vulnerability: - OTP is a set of Erlang libraries, which consists of the Erlang runtime system, ...
Erlang/OTP (Erlang OTP) Improper Certificate Validation Vulnerability (Dec 2024)
Erlang/OTP Erlang OTP is prone to an improper certificate validation vulnerability in the ssl component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
CVE-2024-53846 affecting package erlang for versions less than 26.2.5.6-1
CVE-2024-53846 affecting package erlang for versions less than 26.2.5.6-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-53846
A regression flaw was introduced into Erlang OTP's SSL application. This issue results in a server or client verifying the peer when incorrect extended key usage is presented. For example, a server will verify if a client has server auth ext key usage and vice versa...
CVE-2024-53846
OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and...
CVE-2024-53846
OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and...
CVE-2024-53846 ssl fails to validate incorrect extened key usage
OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and...
CVE-2024-53846
CVE-2024-53846 affects Erlang/OTP’s ssl validation. Connected advisories show that a regression in the ssl app introduced improper peer verification when incorrect extended key usage is presented, affecting OTP releases: 25.3.2.8 and later up to 25.3.2.16, 26.2 up to 26.2.5.6, and 27.0 up to 27.1...
CVE-2024-53846 ssl fails to validate incorrect extened key usage
OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and...