Erlang

Erlang/otp

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2025-48041

  • EPSS 0.05%
  • Veröffentlicht 11.09.2025 08:14:20
  • Zuletzt bearbeitet 11.09.2025 17:14:10

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form...

6.9

CVE-2025-48040

  • EPSS 0.06%
  • Veröffentlicht 11.09.2025 08:14:19
  • Zuletzt bearbeitet 11.09.2025 17:14:10

Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP...

5.3

CVE-2025-48039

  • EPSS 0.05%
  • Veröffentlicht 11.09.2025 08:13:36
  • Zuletzt bearbeitet 11.09.2025 17:14:10

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue af...

5.3

CVE-2025-48038

  • EPSS 0.05%
  • Veröffentlicht 11.09.2025 08:13:04
  • Zuletzt bearbeitet 11.09.2025 17:14:10

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue af...

4.8

CVE-2025-4748

  • EPSS 0.04%
  • Veröffentlicht 16.06.2025 11:15:18
  • Zuletzt bearbeitet 04.07.2025 10:15:23

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl ...

7

CVE-2021-29221

Exploit
  • EPSS 0.11%
  • Veröffentlicht 09.04.2021 14:15:12
  • Zuletzt bearbeitet 21.11.2024 06:00:51

A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce...

7.5

CVE-2020-35733

  • EPSS 0.22%
  • Veröffentlicht 15.01.2021 14:15:14
  • Zuletzt bearbeitet 21.11.2024 05:27:58

An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.

7.5

CVE-2020-25623

  • EPSS 0.93%
  • Veröffentlicht 02.10.2020 12:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:15

Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used.

6.1

CVE-2016-1000107

  • EPSS 0.53%
  • Veröffentlicht 10.12.2019 18:15:09
  • Zuletzt bearbeitet 21.11.2024 02:42:52

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...