CVE-2024-53846

OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and...

CVE-2024-53846

CVE-2024-53846 affects Erlang/OTP’s ssl validation. Connected advisories show that a regression in the ssl app introduced improper peer verification when incorrect extended key usage is presented, affecting OTP releases: 25.3.2.8 and later up to 25.3.2.16, 26.2 up to 26.2.5.6, and 27.0 up to 27.1...