Latest Erlang Vulnerabilities

Prefix Truncation Attacks in SSH Specification (Terrapin Attack)
pip/paramiko>=2.5.0<3.4.0
go/golang.org/x/crypto<0.17.0
rust/russh<0.40.2
Apple macOS Sonoma<14.4
Openbsd Openssh<9.6
Putty Putty<0.80
and 128 more
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
ubuntu/erlang<1:22.2.7+dfsg-1ubuntu0.2
ubuntu/erlang<1:24.2.1+dfsg-1ubuntu0.1
ubuntu/erlang<1:24.3.4.1+dfsg-1ubuntu0.1
ubuntu/erlang<1:24.3.4.5+dfsg-1
debian/erlang<=1:21.2.6+dfsg-1
Erlang Erlang/otp<23.3.4.15
and 2 more
A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of othe...
Erlang Erlang/otp<23.2.3
Microsoft Windows
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
Erlang Erlang/otp<23.2.2
Fedoraproject Fedora=33
Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used.
Erlang Erlang/otp>=22.3.0<22.3.4.6
Erlang Erlang/otp>=23.0.0<23.1
Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification.
Erlang Rebar3>=3.1.0<=3.13.2
Erlang Rebar3=3.0.0-beta3
Erlang Rebar3=3.0.0-beta4
inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable,...
debian/erlang<=1:21.2.6+dfsg-1
debian/erlang<=1:22.2.7+dfsg-1+deb10u1
debian/erlang<=1:23.2.6+dfsg-1+deb11u1
debian/erlang<=1:25.2.3+dfsg-1
Erlang Erlang/otp<=22.1
Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. T...
Erlang Rebar3>=3.7.0<=3.7.5

© 2024 SecAlerts Pty Ltd.