|
VCID-154j-a76j-zbfz
|
erlang: TLS server vulnerable to Adaptive Chosen Ciphertext attack allowing plaintext recovery or MITM attack
|
CVE-2017-1000385
|
|
VCID-1py9-5tap-d7fv
|
Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public_key/src/pubkey_cert.erl, pubkey_cert:validate_extensions/7 contains two flaws that together allow a certificate with basicConstraints cA:false and no keyUsage extension to be used as an intermediate issuer in a chain passed to public_key:pkix_path_validation/3: the cA:false clause recurses into the remaining extensions without rejecting the certificate when it is in issuer position, and the keyUsage check only fires when the extension is present, so a certificate lacking keyUsage entirely bypasses the keyCertSign enforcement. Any party holding an end-entity certificate with basicConstraints cA:false and no keyUsage extension, issued by any CA in the victim's trust store, can use that certificate's private key to sign forged leaf certificates for arbitrary identities. public_key:pkix_path_validation/3 accepts the resulting chain, and by extension every TLS or mTLS endpoint built on the OTP ssl application that relies on the default verifier is affected, including server identity verification on the client side and client certificate verification on mTLS servers. This issue affects OTP from OTP 17.0 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 0.22 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.
|
CVE-2026-42789
|
|
VCID-3qbz-kpqk-27ce
|
erlang: KEX init error results with excessive memory usage
|
CVE-2025-30211
|
|
VCID-4ny1-ztaq-yudj
|
erlang/otp: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs
|
CVE-2026-28810
|
|
VCID-4qr6-9z6u-ekb3
|
Erlang OTP: Erlang OTP public_key: OCSP authorization bypass and information disclosure due to missing signature verification
|
CVE-2026-32144
|
|
VCID-57pa-s4pz-ukbc
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2. The SFTP server uses string prefix matching via lists:prefix/2 rather than proper path component validation when checking if a path is within the configured root directory. This allows authenticated users to access sibling directories that share a common name prefix with the configured root directory. For example, if root is set to /home/user1, paths like /home/user10 or /home/user1_backup would incorrectly be considered within the root. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.
|
CVE-2026-23942
|
|
VCID-5vxe-1smj-fyck
|
|
CVE-2025-46712
|
|
VCID-64dr-ju62-67hf
|
erlang: Erlang Excessive Use of System Resources
|
CVE-2025-48038
|
|
VCID-67vj-n9pk-cyh3
|
erlang: accepts and trusts an invalid X.509 certificate chain
|
CVE-2020-35733
|
|
VCID-6efn-es4z-4udt
|
Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication without any size limit, enabling reliable memory exhaustion DoS. Two compression algorithms are affected: * zlib: Activates immediately after key exchange, enabling unauthenticated attacks * zlib@openssh.com: Activates post-authentication, enabling authenticated attacks Each SSH packet can decompress ~255 MB from 256 KB of wire data (1029:1 amplification ratio). Multiple packets can rapidly exhaust available memory, causing OOM kills in memory-constrained environments. This vulnerability is associated with program files lib/ssh/src/ssh_transport.erl and program routines ssh_transport:decompress/2, ssh_transport:handle_packet_part/4. This issue affects OTP from OTP 17.0 until OTP 28.4.1, 27.3.4.9 and 26.2.5.18 corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.
|
CVE-2026-23943
|
|
VCID-6pzt-ec8d-t7h5
|
Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, or (18) append_bin command.
|
CVE-2014-1693
|
|
VCID-7xus-u1y7-3uap
|
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.
|
CVE-2011-0766
|
|
VCID-7xvh-aqcu-uyb4
|
|
CVE-2026-42791
|
|
VCID-8a5v-tu8j-7kfe
|
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com): First, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName. Second, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback. The result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher. This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.
|
CVE-2026-42790
|
|
VCID-8n22-d5uj-wkdm
|
erlang: Erlang Exhaustion of File Handles
|
CVE-2025-48041
|
|
VCID-a6m2-yp7x-mbfs
|
erlang/otp: Client Authentication Bypass
|
CVE-2022-37026
|
|
VCID-bhqe-322z-xqhq
|
|
CVE-2025-32433
|
|
VCID-bkyt-f23n-ukfu
|
Erlang/OTP: allows attackers to read arbitrary files via a crafted HTTP request
|
CVE-2020-25623
|
|
VCID-d2mt-nbtf-b3fy
|
erlang: Erlang Excessive Resource Consumption
|
CVE-2025-48040
|
|
VCID-h7x2-fxke-tkdp
|
erlang: allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy serve
|
CVE-2016-1000107
|
|
VCID-he8m-w61m-b7c4
|
erlang: Heap-buffer overflow via regular expressions
|
CVE-2016-10253
|
|
VCID-k8x8-z9nh-gug2
|
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
|
CVE-2015-2774
|
|
VCID-mfnh-3d2j-9qfm
|
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0.
|
CVE-2020-12872
|
|
VCID-nr5s-ac3b-xfeb
|
arbitrary file overwrite
|
CVE-2025-4748
|
|
VCID-nwj4-gjte-qyhd
|
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7. The server does not reject or normalize duplicate Content-Length headers. The earliest Content-Length in the request is used for body parsing while common reverse proxies (nginx, Apache httpd, Envoy) honor the last Content-Length value. This violates RFC 9112 Section 6.3 and allows front-end/back-end desynchronization, leaving attacker-controlled bytes queued as the start of the next request. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to inets from 5.10 until 9.6.1, 9.3.2.3 and 9.1.0.5.
|
CVE-2026-23941
|
|
VCID-py26-h7q6-6yd1
|
A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions.
|
CVE-2021-29221
|
|
VCID-qqzg-7f84-4fhz
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon (ssh_sftpd) stores the raw, user-supplied path in file handles instead of the chroot-resolved path. When SSH_FXP_FSETSTAT is issued on such a handle, file attributes (permissions, ownership, timestamps) are modified on the real filesystem path, bypassing the root directory boundary entirely. Any authenticated SFTP user on a server configured with the root option can modify file attributes of files outside the intended chroot boundary. The prerequisite is that a target file must exist on the real filesystem at the same relative path. Note that this vulnerability only allows modification of file attributes; file contents cannot be read or altered through this attack vector. If the SSH daemon runs as root, this enables direct privilege escalation: an attacker can set the setuid bit on any binary, change ownership of sensitive files, or make system configuration world-writable. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:do_open/4 and ssh_sftpd:handle_op/4. This issue affects OTP from OTP 17.0 until OTP 28.4.3, 27.3.4.11, and 26.2.5.20 corresponding to ssh from 3.01 until 5.5.3, 5.2.11.7, and 5.1.4.15.
|
CVE-2026-32147
|
|
VCID-r7kk-7uc2-zyab
|
erlang: ssl fails to validate incorrect extened key usage
|
CVE-2024-53846
|
|
VCID-t139-hf7z-sfbc
|
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
|
CVE-2023-48795
GHSA-45x7-px36-x8w8
|
|
VCID-t88b-xjzm-43a7
|
otp: erlang: SSH SFTP packet size not verified properly in Erlang OTP
|
CVE-2025-26618
|
|
VCID-vqax-fdy8-gkcv
|
erlang: Erlang OTP tftp_file modules: Information disclosure via relative path traversal
|
CVE-2026-21620
|
|
VCID-w7tu-du5n-zuee
|
erlang: Erlang Excessive Use of System Resources
|
CVE-2025-48039
|
|
VCID-ws6x-zs8f-b3d5
|
erlang/otp: inets: Erlang OTP inets modules: Unauthenticated access to protected CGI scripts via incorrect authorization
|
CVE-2026-28808
|
|
VCID-x6pd-2arc-gqdq
|
HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
|
CVE-2011-3389
|
|
VCID-xet9-63wg-3fgw
|
SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
|
CVE-2014-3566
|