Search for packages
| purl | pkg:deb/ubuntu/erlang@1:18.3-dfsg-1ubuntu3 |
| Next non-vulnerable version | 1:22.2.7+dfsg-1 |
| Latest non-vulnerable version | 1:22.2.7+dfsg-1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2maf-nq67-aaam
Aliases: CVE-2017-1000385 |
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack). |
Affected by 2 other vulnerabilities. |
|
VCID-82b5-3c9r-aaae
Aliases: CVE-2020-25623 |
Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used. |
Affected by 0 other vulnerabilities. |
|
VCID-m7e7-t8c2-aaas
Aliases: CVE-2016-10253 |
An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to. |
Affected by 2 other vulnerabilities. |
|
VCID-qvhh-kxqn-aaak
Aliases: CVE-2020-35733 |
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-uuds-amf8-aaae | Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). |
CVE-2015-2774
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|