purl | pkg:deb/ubuntu/erlang@1:18.3-dfsg-1ubuntu3.1 |
Next non-vulnerable version | 1:22.2.7+dfsg-1 |
Latest non-vulnerable version | 1:22.2.7+dfsg-1 |
Risk | 4.0 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-82b5-3c9r-aaae (Aliases: CVE-2020-25623) | Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used. | Affected by 0 other vulnerabilities. |
VCID-qvhh-kxqn-aaak (Aliases: CVE-2020-35733) | An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. | Affected by 0 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
VCID-2maf-nq67-aaam | The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack). | CVE-2017-1000385 |
VCID-m7e7-t8c2-aaas | An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to. | CVE-2016-10253 |