First published: Mon Dec 04 2017(Updated: )
An erlang TLS server configured with cipher suites using rsa key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server’s private key itself. References: <a href="https://groups.google.com/forum/#!topic/erlang-programming/J0LH-j6fRlM">https://groups.google.com/forum/#!topic/erlang-programming/J0LH-j6fRlM</a>
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Erlang Erlang\/otp | =18.3.4.7 | |
Erlang Erlang\/otp | =19.3.6.4 | |
Erlang Erlang\/otp | =20.1.7 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
redhat/erlang | <20.1.7 | 20.1.7 |
debian/erlang | 1:23.2.6+dfsg-1+deb11u1 1:25.2.3+dfsg-1 1:25.3.2.12+dfsg-3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.