Erlang OTP vulnerabilities
29 known vulnerabilities affecting erlang/erlang_otp.

Total CVEs: 29
CISA KEV: 1 (actively exploited)
Public exploits: 2
Exploited in wild: 2

Severity breakdown: CRITICAL 5, HIGH 8, MEDIUM 14, LOW 2

Vulnerabilities (page 2 of 2)
CVE-2021-29221 | P4 | HIGH | CVSS 7.0 | fixed in 23.2.3 | 2021-04-09
CVE-2021-29221 [HIGH] CWE-426
A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only unde
Source: nvd
CVE-2026-23943 | P4 | MEDIUM | CVSS 5.3 | affected versions: ≥ 17.0, < 26.2.5.18; ≥ 27.0, < 27.3.4.9; +1 more | 2026-03-13
CVE-2026-23943 [MEDIUM] CWE-409
Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion.
The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication without any size limit, enabling reliable memory ex
Source: nvd
CVE-2016-1000107 | P4 | MEDIUM | CVSS 6.1 | affected versions: ≤ 22.1 | 2019-12-10
CVE-2016-1000107 [MEDIUM] CWE-601
inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in a
Sources: nvd, osv
CVE-2015-2774 | P4 | MEDIUM | CVSS 5.9 | affected versions: ≤ 18.0 | 2016-04-07
CVE-2015-2774 [MEDIUM]
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
Sources: nvd, osv
CVE-2026-42789 | P4 | MEDIUM | CVSS 4.8 | affected versions: ≥ 17.0, < 26.2.5.21; ≥ 27.0, < 27.3.4.12; +2 more | 2026-05-27
CVE-2026-42789 [MEDIUM] CWE-295
Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery.
In lib/public_key/src/pubkey_cert.erl, pubkey_cert:validate_extensions/7 contains two flaws that together allow a certificate with
Source: nvd
CVE-2026-32147 | P4 | MEDIUM | CVSS 4.3 | affected versions: ≥ 17.0, < 26.2.5.20; ≥ 27.0, < 27.3.4.11; +1 more | 2026-04-21
CVE-2026-32147 [MEDIUM] CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside the configured chroot directory.
The SFTP daemon (ssh_sftpd) stores the raw, user-supplied path in file handles instead of the chroot-resolved path. When
Source: nvd
CVE-2026-49760 | P4 | MEDIUM | CVSS 5.5 | affected versions: ≥ 17.0, < 27.3.4.13; ≥ 28.0, < 28.5.0.2; +1 more | 2026-06-10
CVE-2026-49760 [MEDIUM] CWE-121
Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow.
This vulnerability is associated with program file lib/erl_interface/src/misc/ei_printterm.c and program routine ei_s_print_term.
The C function ei_s_print_term uses an internal 2000-character stack buffer to format terms. When called with a
Source: nvd
CVE-2026-42791 | P4 | LOW | CVSS 3.7 | affected versions: ≥ 27.0, < 27.3.4.12; ≥ 28.0, < 28.5.0.1; +1 more | 2026-05-27
CVE-2026-42791 [LOW] CWE-295
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid.
OCSP response verification in pubkey_ocsp:verify_response/5 and pubkey_ocsp:is_authorized_responder/3 in lib/public_key/src/pubkey_ocsp.erl does not check the val
Source: nvd
CVE-2026-28810 | P4 | LOW | CVSS 3.7 | affected versions: ≥ 17.0, < 26.2.5.19; ≥ 27.0, < 27.3.4.10; +1 more | 2026-04-07
CVE-2026-28810 [LOW] CWE-340
Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning.
The built-in DNS resolver (inet_res) uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization. Response validation relies almost entirely on this ID,
Source: nvd