CVE-2025-26618

EPSS 0.34%
Veröffentlicht 20.02.2025 19:15:11
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

SSH SFTP packet size not verified properly in Erlang OTP

Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet size is not verified properly for SFTP packets. As a result when multiple SSH packets (conforming to max SSH packet size) are received by ssh, they might be combined into an SFTP packet which will exceed the max allowed packet size and potentially cause large amount of memory to be allocated. Note that situation described above can only happen for successfully authenticated users after completing the SSH handshake. This issue has been patched in OTP versions 27.2.4, 26.2.5.9, and 25.3.2.18. There are no known workarounds for this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellererlang

≫

Produkt otp

Version >= OTP-27.0.0, < OTP-27.2.4

Status affected

Version >= OTP-26.0.0.0, < OTP-26.2.5.9

Status affected

Version < OTP-25.3.2.18

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.568

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-789 Memory Allocation with Excessive Size Value

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

https://github.com/erlang/otp/commit/0ed2573cbd55c92e9125c9dc70fa1ca7fed82872

https://github.com/erlang/otp/security/advisories/GHSA-78cv-45vx-q6fr

https://erlang.org/download/OTP-27.2.4.README.md

https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html

https://nvd.nist.gov/vuln/detail/CVE-2025-26618

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-26618

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-26618

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-26618