Known Vulnerabilities for products from Erlang
Listed below are 12 of the newest known vulnerabilities associated with the vendor "Erlang".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-29221 | A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existi... | 7 - HIGH | 2021-04-09 | 2021-04-20 |
| CVE-2020-35733 | An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate... | 7.5 - HIGH | 2021-01-15 | 2023-11-07 |
| CVE-2020-25623 | Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP reques... | 7.5 - HIGH | 2020-10-02 | 2020-10-09 |
| CVE-2020-13802 | Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification. | 9.8 - CRITICAL | 2020-09-02 | 2021-07-21 |
| CVE-2019-1000014 | Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that c... | 8.8 - HIGH | 2019-02-04 | 2021-07-21 |
| CVE-2017-1000385 | The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This all... | 5.9 - MEDIUM | 2017-12-12 | 2019-10-03 |
| CVE-2016-1000107 | inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from th... | 6.1 - MEDIUM | 2019-12-10 | 2019-12-19 |
| CVE-2016-10253 | An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overf... | 9.8 - CRITICAL | 2017-03-18 | 2018-07-11 |
| CVE-2015-2774 | Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for ... | 5.9 - MEDIUM | 2016-04-07 | 2023-02-21 |
| CVE-2014-1693 | Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject ar... | 7.5 - HIGH | 2014-12-08 | 2018-03-16 |
| CVE-2011-0766 | The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh lib... | 7.8 - HIGH | 2011-05-31 | 2023-09-25 |
| CVE-2009-0130 | ** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verif... | 5 - MEDIUM | 2009-01-15 | 2023-11-07 |
Known software with vulnerabilities from Erlang
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Erlang | Crypto | 1.0 |
| Application | Erlang | Erlang/otp | 17.0 |
| Application | Erlang | Otp | - |
| Application | Erlang | Rebar3 | 3.0.0 |