Medium severity5.9NVD Advisory· Published Apr 7, 2016· Updated May 6, 2026

CVE-2015-2774

Description

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).

Affected products

Erlang/Erlang\/otp
cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Range: <=18.0
OpenSUSE/openSUSE
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Oracle Corporation/Solaris
cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-updates/2016-02/msg00124.htmlnvdThird Party Advisory
openwall.com/lists/oss-security/2015/03/27/6nvdThird Party Advisory
www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlnvdThird Party Advisory
web.archive.org/web/20150905124006/http://www.erlang.org/news/85nvdRelease Notes
www.imperialviolet.org/2014/12/08/poodleagain.htmlnvdTechnical Description
openwall.com/lists/oss-security/2015/03/27/9nvd
www.securityfocus.com/bid/73398nvd
usn.ubuntu.com/3571-1/nvd

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000