rpm package
suse/erlang&distro=SUSE Package Hub 12
pkg:rpm/suse/erlang&distro=SUSE%20Package%20Hub%2012
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-1000385 | Med | 5.9 | < 18.3.4.7-9.1 | 18.3.4.7-9.1 | Dec 12, 2017 | The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack). | |
| CVE-2016-10253 | Cri | 9.8 | < 18.3.4.7-9.1 | 18.3.4.7-9.1 | Mar 18, 2017 | An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regio |
- affected < 18.3.4.7-9.1fixed 18.3.4.7-9.1
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).
- affected < 18.3.4.7-9.1fixed 18.3.4.7-9.1
An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regio