CVE-2025-30211Memory Allocation with Excessive Size Value in OTP

CWE-789Memory Allocation with Excessive Size Value7 documents7 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 32.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Erlang OTP
Timeline
PublishedMar 28
Latest updateApr 8

Description

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names (64 characters) provided in KEX init message. Big KEX init packet may lead to inefficient processing of the error data. As a result, large amount of memory will be allocated for processing malicious data. Versions OTP-27.3.1, OTP-

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

CVEListV5erlang/otp< OTP-27.3.1+2

🔴Vulnerability Details

2
CVEList
KEX init error results with excessive memory usage2025-03-28
OSV
CVE-2025-30211: Erlang/OTP is a set of libraries for the Erlang programming language2025-03-28

📋Vendor Advisories

4
Ubuntu
Erlang vulnerability2025-04-08
Red Hat
erlang: KEX init error results with excessive memory usage2025-03-28
Microsoft
KEX init error results with excessive memory usage2025-03-11
Debian
CVE-2025-30211: erlang - Erlang/OTP is a set of libraries for the Erlang programming language. Prior to v...2025
CVE-2025-30211 — Erlang OTP vulnerability | cvebase