Search for packages
Package details: pkg:deb/ubuntu/erlang@1:9.2.2-1
purl pkg:deb/ubuntu/erlang@1:9.2.2-1
Next non-vulnerable version 1:22.2.7+dfsg-1
Latest non-vulnerable version 1:22.2.7+dfsg-1
Risk 10.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-2maf-nq67-aaam
Aliases:
CVE-2017-1000385
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).
1:16.b.3-dfsg-1ubuntu2.2
Affected by 3 other vulnerabilities.
1:18.3-dfsg-1ubuntu3.1
Affected by 2 other vulnerabilities.
VCID-82b5-3c9r-aaae
Aliases:
CVE-2020-25623
Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used.
1:22.2.7+dfsg-1
Affected by 0 other vulnerabilities.
VCID-m7e7-t8c2-aaas
Aliases:
CVE-2016-10253
An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.
1:18.3-dfsg-1ubuntu3.1
Affected by 2 other vulnerabilities.
VCID-qvhh-kxqn-aaak
Aliases:
CVE-2020-35733
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
1:22.2.7+dfsg-1
Affected by 0 other vulnerabilities.
VCID-uuds-amf8-aaae
Aliases:
CVE-2015-2774
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
1:16.b.3-dfsg-1ubuntu2.2
Affected by 3 other vulnerabilities.
1:18.3-dfsg-1ubuntu3
Affected by 4 other vulnerabilities.
VCID-xeyw-byt7-aaan
Aliases:
CVE-2014-1693
Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, or (18) append_bin command.
1:16.b.3-dfsg-1ubuntu2.2
Affected by 3 other vulnerabilities.
1:17.3-dfsg-3ubuntu1
Affected by 5 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version