pkg:Debian/erlang
41 total CVEs: CRITICAL 6, HIGH 5, MEDIUM 13, LOW 3
All known vulnerabilities
- CRITICAL 10.0 | CVE-2025-32433 | ⚠ KEV | Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability | from 0, < 1:23.2.6+dfsg-1+deb11u2
- CRITICAL 9.8 | CVE-2026-28808 | Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rul… | from 0
- from 0, < 1:22.2.7+dfsg-1+deb10u1
- from 0, < 1:23.2.6+dfsg-1+deb11u1
- from 0, < 1:19.2.1+dfsg-2
- CRITICAL 9.4 | CVE-2026-23941 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Reques… | from 0, < 1:23.2.6+dfsg-1+deb11u4
- from 0, < 1:23.2.6+dfsg-1+deb11u2
- from 0, < 1:23.2.2+dfsg-1
- HIGH 7.5 | CVE-2020-25623 | Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. | from 0, < 1:23.1+dfsg-1
- HIGH 7.5 | CVE-2009-0130 | lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow… | from 0
- HIGH 7.4 | CVE-2026-32144 | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization… | from 0
- MEDIUM 6.1 | CVE-2016-1000107 | inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of… | from 0
- MEDIUM 5.9 | CVE-2023-48795 | Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin | from 0, < 1:23.2.6+dfsg-1+deb11u2
- MEDIUM 5.9 | CVE-2023-48795 | Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin | from 0, < 1:23.2.6+dfsg-1+deb11u2
- MEDIUM 5.9 | CVE-2023-48795 | Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin | from 0, < 1:25.2.3+dfsg-1+deb12u1
- from 0, < 1:15.b.1-dfsg-4+deb7u2
- from 0, < 1:20.1.7+dfsg-1
- from 0, < 1:17.3-dfsg-4+deb8u2
- MEDIUM 5.9 | CVE-2015-2774 | Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-mid… | from 0, < 1:17.3-dfsg-4
- MEDIUM 5.5 | CVE-2024-53846 | OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang… | from 0, < 1:27.2+dfsg-1
- MEDIUM 5.5 | CVE-2020-12872 | yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if runni… | from 0, < 1:21.2.6+dfsg-1
- MEDIUM 5.4 | CVE-2026-23942 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path T… | from 0, < 1:23.2.6+dfsg-1+deb11u4
- MEDIUM 5.3 | CVE-2026-23943 | Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Ser… | from 0, < 1:23.2.6+dfsg-1+deb11u4
- MEDIUM 4.3 | CVE-2026-32147 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an… | from 0
- LOW 3.7 | CVE-2026-28810 | Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. | from 0
- from 0
- from 0, < 1:17.3-dfsg-3
- — | CVE-2026-42790 | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints by… | from 0
- — | CVE-2026-42791 | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an exp… | from 0
- — | CVE-2026-42789 | Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificat… | from 0
- — | CVE-2026-21620 | Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp… | from 0, < 1:23.2.6+dfsg-1+deb11u4
- — | CVE-2025-48041 | Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Floodi… | from 0, < 1:23.2.6+dfsg-1+deb11u3
- — | CVE-2025-48040 | Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. | from 0
- — | CVE-2025-48039 | Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resour… | from 0, < 1:23.2.6+dfsg-1+deb11u3
- — | CVE-2025-48038 | Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resour… | from 0, < 1:23.2.6+dfsg-1+deb11u3
- from 0, < 1:23.2.6+dfsg-1+deb11u3
- from 0, < 1:23.2.6+dfsg-1+deb11u3
- — | CVE-2025-26618 | Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availa… | from 0, < 1:23.2.6+dfsg-1+deb11u2
- — | CVE-2014-1693 | Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP co… | from 0, < 1:16.b.3.1-dfsg-3
- from 0, < 1:15.b-dfsg-1
- — | CVE-2011-0766 | The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R1… | from 0, < 1:14.b.3-dfsg-1