6 matches found
EEF-CVE-2026-55950 DTLS listener crash via race condition in dtls_packet_demux causes denial of service for all sessions
Summary Time-of-check Time-of-use TOCTOU race condition vulnerability in Erlang/OTP ssl dtls\packet\demux module allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtls\packet\demux gen\server process to route...
CVE-2026-55952 TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension
The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...
Linux Distros Unpatched Vulnerability : CVE-2026-48860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN...
CVE-2024-53846
A regression flaw was introduced into Erlang OTP's SSL application. This issue results in a server or client verifying the peer when incorrect extended key usage is presented. For example, a server will verify if a client has server auth ext key usage and vice versa...
CVE-2022-37026
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS...
CVE-2020-35733
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority...