Erlang

Erlang/otp

33 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.35%
  • Veröffentlicht 10.06.2026 14:35:43
  • Zuletzt bearbeitet 15.06.2026 18:23:51

Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the user_pass...

  • EPSS 0.5%
  • Veröffentlicht 10.06.2026 14:35:38
  • Zuletzt bearbeitet 30.06.2026 03:20:29

Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctp_parse_error_chunk function in erts/emulator/drivers/common/inet_dr...

  • EPSS 0.14%
  • Veröffentlicht 10.06.2026 14:35:36
  • Zuletzt bearbeitet 15.06.2026 18:23:19

Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erl_interface/src/misc/ei_printterm.c and program routine ei_s_print_term. The C func...

  • EPSS 0.34%
  • Veröffentlicht 27.05.2026 15:09:01
  • Zuletzt bearbeitet 30.06.2026 03:19:41

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA...

  • EPSS 0.32%
  • Veröffentlicht 27.05.2026 12:23:13
  • Zuletzt bearbeitet 02.06.2026 19:18:00

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkey_ocsp:verify_response/...

  • EPSS 0.32%
  • Veröffentlicht 27.05.2026 12:23:06
  • Zuletzt bearbeitet 30.06.2026 03:19:41

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public_key/src/pubkey_c...

  • EPSS 0.35%
  • Veröffentlicht 21.04.2026 12:01:20
  • Zuletzt bearbeitet 21.05.2026 17:37:07

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon (s...

  • EPSS 0.53%
  • Veröffentlicht 07.04.2026 12:28:16
  • Zuletzt bearbeitet 30.06.2026 03:18:03

Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias. When script_alias maps a URL prefix to a directory outside DocumentRoot, mod_...

  • EPSS 0.2%
  • Veröffentlicht 07.04.2026 12:28:00
  • Zuletzt bearbeitet 30.06.2026 03:18:28

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_validate/5 doe...

  • EPSS 0.27%
  • Veröffentlicht 07.04.2026 07:50:11
  • Zuletzt bearbeitet 23.04.2026 15:18:31

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS resolver (inet_res) uses a sequential, process-global 16-bit transaction ID for UDP queries ...