
CVE-2025-4748 – Absolute path traversal in zip:unzip/1,2
https://notcve.org/view.php?id=CVE-2025-4748
16 Jun 2025 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed. This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3... • https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-46712 – Erlang/OTP SSH Has Strict KEX Violations
https://notcve.org/view.php?id=CVE-2025-46712
08 May 2025 — Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (f... • https://github.com/erlang/otp/security/advisories/GHSA-934x-xq38-hhqf • CWE-440: Expected Behavior Violation •

CVE-2025-32433 – Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability
https://notcve.org/view.php?id=CVE-2025-32433
16 Apr 2025 — Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround in... • https://packetstorm.news/files/id/190739 • CWE-306: Missing Authentication for Critical Function •

CVE-2025-30211 – KEX init error results with excessive memory usage
https://notcve.org/view.php?id=CVE-2025-30211
28 Mar 2025 — Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result in high memory usage. The implementation does not verify the RFC-specified limit on algorithm names (64 characters) provided in the KEX init message. A large KEX init packet may lead to inefficient processing of the error data. As a result, a large amount of memory will be allocated for processing malicious data. • https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc • CWE-789: Memory Allocation with Excessive Size Value •

CVE-2025-26618 – SSH SFTP packet size not verified properly in Erlang OTP
https://notcve.org/view.php?id=CVE-2025-26618
20 Feb 2025 — Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet size is not verified properly for SFTP packets. As a result, when multiple SSH packets (conforming to the max SSH packet size) are received by ssh, they might be combined into an SFTP packet which will exceed the max allow... • https://github.com/erlang/otp/commit/0ed2573cbd55c92e9125c9dc70fa1ca7fed82872 • CWE-789: Memory Allocation with Excessive Size Value •

CVE-2024-53846 – ssl fails to validate incorrect extended key usage
https://notcve.org/view.php?id=CVE-2024-53846
05 Dec 2024 — OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa). • https://github.com/erlang/otp/security/advisories/GHSA-qw6r-qh9v-638v • CWE-295: Improper Certificate Validation •

CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •

CVE-2022-37026 – erlang/otp: Client Authentication Bypass
https://notcve.org/view.php?id=CVE-2022-37026
21 Sep 2022 — In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. In Erlang/OTP versions prior to 23.3.4.15, 24.x prior to 24.3.4.2 and 25.x prior to 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS and DTLS. A Client Authentication Bypass was found in Erlang/OTP. This issue occurs in certain client-cer... • https://erlangforums.com/c/erlang-news-announcements/91 • CWE-305: Authentication Bypass by Primary Weakness •

CVE-2021-29221
https://notcve.org/view.php?id=CVE-2021-29221
09 Apr 2021 — A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions. A local privilege escalation vulnerability was detected in Erlang/OTP prior to v... • https://deepsurface.com/deepsurface-security-advisory-local-privilege-escalation-in-erlang-on-windows-cve-2021-29221 • CWE-426: Untrusted Search Path •

CVE-2020-35733
https://notcve.org/view.php?id=CVE-2020-35733
15 Jan 2021 — An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. An issue was detected in Erlang/OTP versions prior to 23.2.2. The ssl application version 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. • https://erlang.org/pipermail/erlang-questions/2021-January/100357.html • CWE-295: Improper Certificate Validation •