VYPR
Medium severity5.5OSV Advisory· Published Dec 5, 2024· Updated Apr 15, 2026

CVE-2024-53846

CVE-2024-53846

Description

OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Erlang/OTPOSV2 versions
    OTP-25.3.2.10, OTP-25.3.2.11, OTP-25.3.2.12, …+ 1 more
    • (no CPE)range: OTP-25.3.2.10, OTP-25.3.2.11, OTP-25.3.2.12, …
    • (no CPE)range: >= 25.3.2.8, >= 26.2, >= 27.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.