5 matches found

CNNVD
added 2026/06/10 12:0 a.m. | 11 views

Erlang/OTP security vulnerability

Erlang/OTP is an open-source JavaScript library for handling exceptions, developed by Erlang/OTP. This library can catch exceptions caused by Node.js’s built-in APIs. Erlang/OTP ssh versions prior to 6.0.0 had a security vulnerability. This vulnerability stemmed from the ssh_auth module’s use of...

CVSS 6.3 | AI score 5.4 | EPSS 0.00354
Exploits: 0 | References: 1

OSV
added 2026/05/25 2:0 p.m. | 5 views

EEF-CVE-2026-47066 Infinite loop in Alt-Svc header parser in hackney

Summary: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackney_altsvc.erl does not guarantee forward progress. When parse_token/2 receives a non-token, non-whitespace, non-comma byte, e.g. !...

CVSS 8.7 | AI score 6 | EPSS 0.00703
Exploits: 1 | References: 4

BDU FSTEC
added 2025/05/26 12:0 a.m. | 3 views

The vulnerability of the OTP library set in the Erlang programming language lies in the lack of control over the data entered by users. This allows attackers to trigger a service failure.

The vulnerability of the OTP library in the Erlang programming language is related to the lack of control over the data entered by users. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 7.8 | AI score 7.1 | EPSS 0.00405
Exploits: 0 | References: 11 | Affected Software: 5

RedhatCVE
added 2025/05/23 10:8 a.m. | 4 views

CVE-2024-31209

oidcc is the OpenID Connect client library for Erlang. Denial of Service (DoS) by atom exhaustion is possible by calling oidcc_provider_configuration_worker:get_provider_configuration/1 or oidcc_provider_configuration_worker:get_jwks/1. This issue has been patched in versions 3.1.2 & 3.2.0-beta.3...

CVSS 5.3 | AI score 6.9 | EPSS 0.00235
Exploits: 0 | References: 1

OSV
added 2025/04/16 10:15 p.m. | 6 views

AZL-60441 CVE-2025-32433 affecting package erlang for versions less than 26.2.5.11-1

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor...

CVSS 10 | AI score 6.7 | EPSS 0.97673
Exploits: 36 | References: 1