Package details: pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1
purl: pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1
Next non-vulnerable version: 1:27.3.4.10+dfsg-1
Latest non-vulnerable version: 1:27.3.4.10+dfsg-1
Risk: 3.8
Vulnerabilities affecting this package (7)
(columns: Vulnerability, Summary, Fixed by)

VCID-gcn7-ak4r-eba3 (aliases: CVE-2026-28808)
Summary: Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias. When script_alias maps a URL prefix to a directory outside DocumentRoot, mod_auth evaluates directory-based access controls against the DocumentRoot-relative path while mod_cgi executes the script at the ScriptAlias-resolved path. This path mismatch allows unauthenticated access to CGI scripts that directory rules were meant to protect. This vulnerability is associated with program files lib/inets/src/http_server/mod_alias.erl, lib/inets/src/http_server/mod_auth.erl, and lib/inets/src/http_server/mod_cgi.erl. This issue affects OTP from OTP 17.0 until OTP 28.4.2, 27.3.4.10 and 26.2.5.19, corresponding to inets from 5.10 until 9.6.2, 9.3.2.4 and 9.1.0.6.
Fixed by: 1:27.3.4.10+dfsg-1 (affected by 0 other vulnerabilities)

VCID-h1k4-x8vr-5bch (aliases: CVE-2026-23943)
Summary: Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication without any size limit, enabling reliable memory exhaustion DoS. Two compression algorithms are affected:
* zlib: activates immediately after key exchange, enabling unauthenticated attacks
* zlib@openssh.com: activates post-authentication, enabling authenticated attacks
Each SSH packet can decompress ~255 MB from 256 KB of wire data (1029:1 amplification ratio). Multiple packets can rapidly exhaust available memory, causing OOM kills in memory-constrained environments. This vulnerability is associated with program files lib/ssh/src/ssh_transport.erl and program routines ssh_transport:decompress/2, ssh_transport:handle_packet_part/4. This issue affects OTP from OTP 17.0 until OTP 28.4.1, 27.3.4.9 and 26.2.5.18, corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.
Fixed by: 1:27.3.4.9+dfsg-1 (affected by 3 other vulnerabilities); 1:27.3.4.10+dfsg-1 (affected by 0 other vulnerabilities)

VCID-j7t3-nrjj-pfgp (aliases: CVE-2026-28810)
Fixed by: 1:27.3.4.10+dfsg-1 (affected by 0 other vulnerabilities)

VCID-s9qn-9qdm-j7ej (aliases: CVE-2026-23941)
Summary: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7. The server does not reject or normalize duplicate Content-Length headers. The earliest Content-Length in the request is used for body parsing, while common reverse proxies (nginx, Apache httpd, Envoy) honor the last Content-Length value. This violates RFC 9112 Section 6.3 and allows front-end/back-end desynchronization, leaving attacker-controlled bytes queued as the start of the next request. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to inets from 5.10 until 9.6.1, 9.3.2.3 and 9.1.0.5.
Fixed by: 1:27.3.4.9+dfsg-1 (affected by 3 other vulnerabilities); 1:27.3.4.10+dfsg-1 (affected by 0 other vulnerabilities)

VCID-w9yj-xg82-kyac (aliases: CVE-2026-21620)
Summary: erlang: Erlang OTP tftp_file modules: Information disclosure via relative path traversal
Fixed by: 1:27.3.4.9+dfsg-1 (affected by 3 other vulnerabilities); 1:27.3.4.10+dfsg-1 (affected by 0 other vulnerabilities)

VCID-wwcj-hwqc-f3g7 (aliases: CVE-2026-23942)
Summary: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2. The SFTP server uses string prefix matching via lists:prefix/2 rather than proper path component validation when checking whether a path is within the configured root directory. This allows authenticated users to access sibling directories that share a common name prefix with the configured root directory. For example, if root is set to /home/user1, paths like /home/user10 or /home/user1_backup would incorrectly be considered within the root. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.
Fixed by: 1:27.3.4.9+dfsg-1 (affected by 3 other vulnerabilities); 1:27.3.4.10+dfsg-1 (affected by 0 other vulnerabilities)

VCID-zegc-rj1x-ryau (aliases: CVE-2026-32144)
Summary: Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_validate/5 does not verify that a CA-designated responder certificate was cryptographically signed by the issuing CA. Instead, it only checks that the responder certificate's issuer name matches the CA's subject name and that the certificate has the OCSPSigning extended key usage. An attacker who can intercept or control OCSP responses can create a self-signed certificate with a matching issuer name and the OCSPSigning EKU, and use it to forge OCSP responses that mark revoked certificates as valid. This affects SSL/TLS clients using OCSP stapling, which may accept connections to servers with revoked certificates, potentially transmitting sensitive data to compromised servers. Applications using the public_key:pkix_ocsp_validate/5 API directly are also affected, with impact depending on usage context. This vulnerability is associated with program files lib/public_key/src/pubkey_ocsp.erl and program routines pubkey_ocsp:is_authorized_responder/3. This issue affects OTP from OTP 27.0 until OTP 28.4.2 and 27.3.4.10, corresponding to public_key from 1.16 until 1.20.3 and 1.17.1.2, and ssl from 11.2 until 11.5.4 and 11.2.12.7.
Fixed by: 1:27.3.4.10+dfsg-1 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (5)
(columns: Vulnerability, Summary, Aliases)

VCID-1283-nvxm-r7cw (alias CVE-2025-48038): erlang: Erlang Excessive Use of System Resources
VCID-28fj-t5hy-x3gn (alias CVE-2025-48040): erlang: Erlang Excessive Resource Consumption
VCID-c3vm-u9jn-83cs (alias CVE-2025-48039): erlang: Erlang Excessive Use of System Resources
VCID-jxzt-8wru-6yhk (alias CVE-2025-48041): erlang: Erlang Exhaustion of File Handles
VCID-xcks-117s-v3dd (alias CVE-2016-1000107): erlang: allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy serve

Package history (columns: Date, Actor, Action, Vulnerability, Source, VulnerableCode Version)
2026-04-13T08:45:29.008428+00:00 Debian Importer Affected by VCID-zegc-rj1x-ryau https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:19:08.146975+00:00 Debian Importer Affected by VCID-h1k4-x8vr-5bch https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:06:09.700730+00:00 Debian Importer Fixing VCID-xcks-117s-v3dd https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:54:04.429205+00:00 Debian Importer Affected by VCID-wwcj-hwqc-f3g7 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:40:54.700784+00:00 Debian Importer Fixing VCID-jxzt-8wru-6yhk https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-12T17:48:06.886081+00:00 Debian Importer Affected by VCID-j7t3-nrjj-pfgp https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:24:24.287199+00:00 Debian Importer Affected by VCID-gcn7-ak4r-eba3 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:21:19.318353+00:00 Debian Importer Affected by VCID-w9yj-xg82-kyac https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:14:18.791189+00:00 Debian Importer Affected by VCID-s9qn-9qdm-j7ej https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:09:07.748931+00:00 Debian Importer Fixing VCID-1283-nvxm-r7cw https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:56:28.878682+00:00 Debian Importer Fixing VCID-c3vm-u9jn-83cs https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:51:56.758305+00:00 Debian Importer Fixing VCID-28fj-t5hy-x3gn https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-10T08:59:20.743429+00:00 Debian Importer Affected by VCID-zegc-rj1x-ryau https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-10T07:23:02.475648+00:00 Debian Importer Affected by VCID-j7t3-nrjj-pfgp https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-10T07:19:56.918839+00:00 Debian Importer Affected by VCID-gcn7-ak4r-eba3 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:16:47.826595+00:00 Debian Importer Fixing VCID-jxzt-8wru-6yhk https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:15:18.599189+00:00 Debian Importer Fixing VCID-xcks-117s-v3dd https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:13:55.163281+00:00 Debian Importer Affected by VCID-h1k4-x8vr-5bch https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:12:05.077838+00:00 Debian Importer Affected by VCID-wwcj-hwqc-f3g7 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:11:58.959146+00:00 Debian Importer Affected by VCID-s9qn-9qdm-j7ej https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:10:56.539482+00:00 Debian Importer Fixing VCID-c3vm-u9jn-83cs https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:05:10.441754+00:00 Debian Importer Affected by VCID-w9yj-xg82-kyac https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:04:10.422421+00:00 Debian Importer Fixing VCID-1283-nvxm-r7cw https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:02:32.381882+00:00 Debian Importer Fixing VCID-28fj-t5hy-x3gn https://security-tracker.debian.org/tracker/data/json 38.1.0