First published: Wed Sep 21 2022
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/erlang | <1:22.2.7+dfsg-1ubuntu0.2 | 1:22.2.7+dfsg-1ubuntu0.2 |
ubuntu/erlang | <1:24.2.1+dfsg-1ubuntu0.1 | 1:24.2.1+dfsg-1ubuntu0.1 |
ubuntu/erlang | <1:24.3.4.1+dfsg-1ubuntu0.1 | 1:24.3.4.1+dfsg-1ubuntu0.1 |
ubuntu/erlang | <1:24.3.4.5+dfsg-1 | 1:24.3.4.5+dfsg-1 |
debian/erlang | <=1:21.2.6+dfsg-1 | 1:23.2.6+dfsg-1+deb11u1, 1:25.2.3+dfsg-1 |
Erlang Erlang/otp | <23.3.4.15 | |
Erlang Erlang/otp | >=24.0 <24.3.4.2 | |
Erlang Erlang/otp | >=25.0 <25.0.2 | |