VulnerableCode Package Details - pkg:deb/debian/erlang@1:27.3.4%2Bdfsg-1?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/erlang@1:27.3.4%2Bdfsg-1?distro=trixie

purl	pkg:deb/debian/erlang@1:27.3.4%2Bdfsg-1?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-z6gs-aq96-gkaw	Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25).	CVE-2025-46712

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-13T12:47:32.516583+00:00	Debian Importer	Fixing	VCID-z6gs-aq96-gkaw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:21:48.841730+00:00	Debian Importer	Fixing	VCID-z6gs-aq96-gkaw	https://security-tracker.debian.org/tracker/data/json	38.1.0