Erlang

Erlang/otp

33 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.14%
  • Veröffentlicht 02.07.2026 16:06:30
  • Zuletzt bearbeitet 07.07.2026 14:46:21

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl (tls_gen_connection module) allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client applicat...

  • EPSS 0.38%
  • Veröffentlicht 02.07.2026 16:06:24
  • Zuletzt bearbeitet 07.07.2026 14:45:59

Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Erlang/OTP ssl (dtls_packet_demux module) allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtls_...

  • EPSS 0.33%
  • Veröffentlicht 02.07.2026 16:06:20
  • Zuletzt bearbeitet 07.07.2026 14:53:35

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handle_data/4 function in ssh_sftpd contains a catch-...

  • EPSS 0.49%
  • Veröffentlicht 02.07.2026 16:06:08
  • Zuletzt bearbeitet 07.07.2026 14:44:47

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tls_handshake_1_3:handle_pre...

  • EPSS 0.24%
  • Veröffentlicht 02.07.2026 16:06:04
  • Zuletzt bearbeitet 07.07.2026 14:52:32

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl (DTLS server) allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtls_server_connection:initial_...

  • EPSS 0.26%
  • Veröffentlicht 02.07.2026 16:06:03
  • Zuletzt bearbeitet 07.07.2026 14:56:32

Observable Response Discrepancy vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSH_FXP_REALPATH handler in ssh_sftpd...

  • EPSS 0.34%
  • Veröffentlicht 10.06.2026 14:41:51
  • Zuletzt bearbeitet 15.06.2026 18:23:43

Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking wheth...

  • EPSS 0.28%
  • Veröffentlicht 10.06.2026 14:35:49
  • Zuletzt bearbeitet 15.06.2026 18:23:33

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery. The SSH_FXP_READLINK handler in ssh_sftpd sends the raw result of file:read_link/2 to the client without calling chr...

  • EPSS 0.19%
  • Veröffentlicht 10.06.2026 14:35:49
  • Zuletzt bearbeitet 15.06.2026 18:24:03

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inet_tls_dist:check_ip/1 function, which enforces a LAN allowlist for Erla...

  • EPSS 0.23%
  • Veröffentlicht 10.06.2026 14:35:45
  • Zuletzt bearbeitet 11.06.2026 19:27:00

Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftp_internal:handle_ctrl_result/2 PASV handler (mode=passive, ipfamily=inet,...