CVSS: 9.8 • EPSS: 0% • CPEs: 67 • EXPL: 0

An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.

• https://github.com/erlang/otp/pull/1108
• https://usn.ubuntu.com/3571-1

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.9 • EPSS: 0% • CPEs: 3 • EXPL: 0

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).

• http://lists.opensuse.org/opensuse-updates/2016-02/msg00124.html
• http://openwall.com/lists/oss-security/2015/03/27/6
• http://openwall.com/lists/oss-security/2015/03/27/9
• http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
• http://www.securityfocus.com/bid/73398
• https://usn.ubuntu.com/3571-1
• https://web.archive.org/web/20150905124006/http://www.erlang.org/news/85
• https://www.imperialviolet.org/2014/12/08/poodleagain.html

• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor