18 matches found
Erlang/OTP 19.3 < 26.2.5.21 / 27.0 < 27.3.4.12 / 28.0 < 28.5.0.1 / 29.0 < 29.0.1 DNS nameConstraints Bypass (CVE-2026-42790)
The version of Erlang/OTP installed on the remote host is 19.3 prior to 26.2.5.21, 27.0 prior to 27.3.4.12, 28.0 prior to 28.5.0.1, or 29.0 prior to 29.0.1. It is, therefore, affected by a vulnerability: - Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeycert and...
EUVD-2015-2864
Malware in sbrugna...
Erlang/OTP (Erlang OTP) < 23.2.3 Privilege Escalation Vulnerability
Erlang/OTP Erlang OTP is prone to a local privilege escalation vulnerability in the erts component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Linux Distros Unpatched Vulnerability : CVE-2022-37026
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations...
Security Bulletin: Erlang/OTP Vulnerability in KEX Init Handling May Lead to High Memory Usage
Summary Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names 64 characters...
Erlang/OTP 17.0 < 26.2.5.13 / 27.0 < 27.3.4.1 / 28.0 < 28.0.1 Path Traversal (CVE-2025-4748)
The version of Erlang/OTP installed on the remote host is 17.0 prior to 26.2.5.13, 27.0 prior to 27.3.4.1, or 28.0 prior to 28.0.1. It is, therefore, affected by an path traversal vulnerability: - Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang...
Erlang/OTP 17.0 < 25.3.2.20 / 26.2 < 26.2.5.11 / 27.0 < 27.3.3 RCE (CVE-2025-32433)
The version of Erlang/OTP installed on the remote host is 17.0 prior to 25.3.2.20, 26.2 prior to 26.2.5.11, or 27.0 prior to 27.3.3. It is, therefore, affected by a remote code execution vulnerability where a serious vulnerability has been identified in the Erlang/OTP SSH server that may allow an...
Erlang/OTP (Erlang OTP) Path Traversal Vulnerability (Jun 2025)
Erlang/OTP Erlang OTP is prone to a restricted directory SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:erlang:erlang%2fotp";...
PT-2025-24632 · Undefined · Undefined
CISA has just added three new vulnerabilities to its Known Exploited Vulnerabilities KEV catalog: Erlang OTP CVE-2024-39992 OpenSSH CVE-2024-39993 Roundcube Webmail CVE-2024-39994 These vulnerabilities are actively being exploited in the wild and must be patched by June 25, 2025, as per Binding...
Erlang/OTP (Erlang OTP) DoS Vulnerability (Feb 2025) - Windows
Erlang/OTP Erlang OTP is prone to a denial of service DoS vulnerability in the SSH component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...
Erlang/OTP (Erlang OTP) RCE Vulnerability (Apr 2025) - Linux
Erlang/OTP Erlang OTP is prone to a remote code execution RCE vulnerability in the SSH server component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform OTP SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433 , has been given the maximum CVSS...
PT-2025-16905
Name of the Vulnerable Software and Affected Versions Erlang/OTP versions prior to OTP-27.3.3 Erlang/OTP versions prior to OTP-26.2.5.11 Erlang/OTP versions prior to OTP-25.3.2.20 Description A critical flaw in the SSH protocol implementation of the Erlang/OTP library allows unauthenticated remot...
CVE-2025-30211
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names 64 characters provided in K...
PT-2025-7604 · Ericsson +6 · Erlang/Otp +6
Name of the Vulnerable Software and Affected Versions: Erlang OTP versions prior to 25.3.2.18 Erlang OTP versions prior to 26.2.5.9 Erlang OTP versions prior to 27.2.4 Description: The issue arises from improper verification of packet size for SFTP packets. When multiple SSH packets are received,...
PT-2025-25546
Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.0.1 Erlang OTP version 27.3.4.1 Erlang OTP version 26.2.5.13 stdlib versions 2.0 through 7.0.1 stdlib version 6.2.2.1 stdlib version 5.2.3.4 Description The issue is related to a Path Traversal vulnerability...
Code injection
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...
CVE-2015-2774
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...