VulnerableCode Package Details - pkg:deb/ubuntu/erlang@1:18.0-dfsg-1ubuntu2

Search for packages

Package details: pkg:deb/ubuntu/erlang@1:18.0-dfsg-1ubuntu2

Essentials
History (0)

purl	pkg:deb/ubuntu/erlang@1:18.0-dfsg-1ubuntu2

Next non-vulnerable version	1:22.2.7+dfsg-1
Latest non-vulnerable version	1:22.2.7+dfsg-1
Risk	10.0

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-2maf-nq67-aaam Aliases: CVE-2017-1000385	The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).	1:18.3-dfsg-1ubuntu3.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-82b5-3c9r-aaae Aliases: CVE-2020-25623	Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used.	1:22.2.7+dfsg-1 Affected by 0 other vulnerabilities.
VCID-m7e7-t8c2-aaas Aliases: CVE-2016-10253	An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.	1:18.3-dfsg-1ubuntu3.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-qvhh-kxqn-aaak Aliases: CVE-2020-35733	An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.	1:22.2.7+dfsg-1 Affected by 0 other vulnerabilities.
VCID-uuds-amf8-aaae Aliases: CVE-2015-2774	Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).	1:18.3-dfsg-1ubuntu3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version