VulnerableCode Package Details - pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-4wxk-5vxa-e7dq Aliases: CVE-2025-4748	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed. This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.	1:25.2.3+dfsg-1+deb12u3 Affected by 0 other vulnerabilities. 1:27.3.4.1+dfsg-1 Affected by 0 other vulnerabilities.
VCID-5cep-ztmj-9baq Aliases: CVE-2025-46712	Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25).	1:25.2.3+dfsg-1+deb12u3 Affected by 0 other vulnerabilities. 1:27.3.4.1+dfsg-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4wxk-5vxa-e7dq
Aliases:
CVE-2025-4748

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed. This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.

1:25.2.3+dfsg-1+deb12u3
Affected by 0 other vulnerabilities.

1:27.3.4.1+dfsg-1
Affected by 0 other vulnerabilities.

VCID-5cep-ztmj-9baq
Aliases:
CVE-2025-46712

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25).

1:25.2.3+dfsg-1+deb12u3
Affected by 0 other vulnerabilities.

1:27.3.4.1+dfsg-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T17:51:37.765108+00:00	Debian Oval Importer	Fixing	VCID-k2ft-41tf-mbbs	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:31:21.722709+00:00	Debian Oval Importer	Fixing	VCID-gkup-pzdr-eyav	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:29:45.812603+00:00	Debian Oval Importer	Fixing	VCID-nsmv-hc2b-9bca	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:33:54.626317+00:00	Debian Oval Importer	Fixing	VCID-rmk2-8vdv-ubdt	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:20:40.541883+00:00	Debian Importer	Affected by	VCID-4wxk-5vxa-e7dq	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T12:58:13.906927+00:00	Debian Importer	Affected by	VCID-5cep-ztmj-9baq	https://security-tracker.debian.org/tracker/data/json	37.0.0