Debian Erlang vulnerabilities
32 known vulnerabilities affecting debian/erlang.

Total CVEs: 32
CISA KEV: 1 (actively exploited)
Public exploits: 4
Exploited in wild: 0

Severity breakdown: CRITICAL 3, HIGH 7, MEDIUM 10, LOW 12

Vulnerabilities (page 1 of 2)
CVE-2026-23941 | HIGH | CVSS 7.0 | fixed in erlang 1:27.3.4.9+dfsg-1 (forky) | 2026
[HIGH] CVE-2026-23941: erlang - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerab...
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7. The server does not reject or normalize duplicate Content-Length head
CVE-2026-28808 | HIGH | CVSS 8.3 | fixed in erlang 1:27.3.4.10+dfsg-1 (sid) | 2026
[HIGH] CVE-2026-28808: erlang - Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unaut...
Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias. When script_alias maps a URL prefix to a directory outside DocumentRoot, mod_auth evaluates directory-based access controls against the DocumentRoot-relative path while mod_cgi executes the script
CVE-2026-23943 | MEDIUM | CVSS 6.9 | fixed in erlang 1:27.3.4.9+dfsg-1 (forky) | 2026
[MEDIUM] CVE-2026-23943: erlang - Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in ...
Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication without any size limit, enabling reliable memory exhaustion DoS. Two
CVE-2026-28810 | MEDIUM | CVSS 6.3 | fixed in erlang 1:27.3.4.10+dfsg-1 (sid) | 2026
[MEDIUM] CVE-2026-28810: erlang - Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP ker...
Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS resolver (inet_res) uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization. Response validation relies almost entirely on this ID, making DNS ca
CVE-2026-23942 | MEDIUM | CVSS 5.3 | fixed in erlang 1:27.3.4.9+dfsg-1 (forky) | 2026
[MEDIUM] CVE-2026-23942: erlang - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2. The SFTP server uses string prefix matching via lists:prefix/2 rather than proper path comp
CVE-2026-21620 | LOW | CVSS 2.3 | fixed in erlang 1:27.3.4.8+dfsg-1 (forky) | 2026
[LOW] CVE-2026-21620: erlang - Relative Path Traversal, Improper Isolation or Compartmentalization vulnerabilit...
Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.erl. This issue affects otp: from 17.0, fr
CVE-2026-32144 | LOW | CVSS 7.6 | fixed in erlang 1:27.3.4.10+dfsg-1 (sid) | 2026
[HIGH] CVE-2026-32144: erlang - Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_o...
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_validate/5 does not verify that a CA-designated responder certificate was cryptographically signed by the issuing CA. Instead, it only
CVE-2025-32433 | CRITICAL | CVSS 10.0 | KEV | PoC | fixed in erlang 1:25.2.3+dfsg-1+deb12u1 (bookworm) | 2025
[CRITICAL] CVE-2025-32433: erlang - Erlang/OTP is a set of libraries for the Erlang programming language. Prior to v...
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbi
CVE-2025-48041 | HIGH | CVSS 7.1 | fixed in erlang 1:23.2.6+dfsg-1+deb11u3 (bullseye) | 2025
[HIGH] CVE-2025-48041: erlang - Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP...
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.1
CVE-2025-26618 | HIGH | CVSS 7.0 | fixed in erlang 1:25.2.3+dfsg-1+deb12u1 (bookworm) | 2025
[HIGH] CVE-2025-26618: erlang - Erlang is a programming language and runtime system for building massively scala...
Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet size is not verified properly for SFTP packets. As a result when multiple
CVE-2025-30211 | HIGH | CVSS 7.5 | fixed in erlang 1:25.2.3+dfsg-1+deb12u1 (bookworm) | 2025
[HIGH] CVE-2025-30211: erlang - Erlang/OTP is a set of libraries for the Erlang programming language. Prior to v...
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result in high memory usage. The implementation does not verify RFC-specified limits on algorithm names (64 characters) provided in the KEX init message. A big KEX init packet may lead to inefficient processin
CVE-2025-48040 | MEDIUM | CVSS 6.9 | fixed in erlang 1:27.3.4.3+dfsg-1 (forky) | 2025
[MEDIUM] CVE-2025-48040: erlang - Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modu...
Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.
Scope: local
CVE-2025-4748 | MEDIUM | CVSS 4.8 | fixed in erlang 1:25.2.3+dfsg-1+deb12u2 (bookworm) | 2025
[MEDIUM] CVE-2025-4748: erlang - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed. This is
CVE-2025-48038 | MEDIUM | CVSS 5.3 | fixed in erlang 1:23.2.6+dfsg-1+deb11u3 (bullseye) | 2025
[MEDIUM] CVE-2025-48038: erlang - Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP...
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.
CVE-2025-48039 | MEDIUM | CVSS 5.3 | fixed in erlang 1:23.2.6+dfsg-1+deb11u3 (bullseye) | 2025
[MEDIUM] CVE-2025-48039: erlang - Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP...
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.
CVE-2025-46712 | LOW | CVSS 3.7 | fixed in erlang 1:25.2.3+dfsg-1+deb12u2 (bookworm) | 2025
[LOW] CVE-2025-46712: erlang - Erlang/OTP is a set of libraries for the Erlang programming language. In version...
Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a conn
CVE-2024-53846 | LOW | CVSS 5.5 | fixed in erlang 1:27.2+dfsg-1 (forky) | 2024
[MEDIUM] CVE-2024-53846: erlang - OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a...
OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrec
CVE-2023-48795 | MEDIUM | CVSS 5.9 | PoC | fixed in dropbear 2022.83-1+deb12u1 (bookworm) | 2023
[MEDIUM] CVE-2023-48795: dropbear - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH bef...
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabl
CVE-2022-37026 | CRITICAL | CVSS 9.8 | fixed in erlang 1:24.3.4.5+dfsg-1 (bookworm) | 2022
[CRITICAL] CVE-2022-37026: erlang - In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, th...
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
Scope: local
bookworm: resolved (fixed in 1:24.3.4.5+dfsg-1)
bullseye: resolved (fixed in 1:23.2.6+dfsg-1+deb11u1)
forky: resolved (fixed in 1:24.3.4.5+dfsg-1)
sid: resolved (fixed
CVE-2021-29221 | LOW | CVSS 7.0 | 2021
[HIGH] CVE-2021-29221: erlang - A local privilege escalation vulnerability was discovered in Erlang/OTP prior to...
A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific cond