Erlang\/otp
by Erlang
Source repositories
CVEs (26)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42791 | Low | 0.17 | 3.7 | 0.00 | May 27, 2026 | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkey_ocsp:verify_response/5 and… | ||
| CVE-2026-28810 | Low | 0.17 | 3.7 | 0.00 | Apr 7, 2026 | Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS resolver (inet_res) uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source… | ||
| CVE-2025-46712 | Low | 0.17 | 3.7 | 0.00 | May 8, 2025 | Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages… | ||
| CVE-2020-35733 | 0.00 | — | 0.01 | Jan 15, 2021 | An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. | |||
| CVE-2014-1693 | 0.00 | — | 0.02 | Dec 8, 2014 | Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv,… | |||
| CVE-2011-0766 | 0.00 | — | 0.03 | May 31, 2011 | The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys. |
- risk 0.17cvss 3.7epss 0.00
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkey_ocsp:verify_response/5 and…
- risk 0.17cvss 3.7epss 0.00
Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS resolver (inet_res) uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source…
- risk 0.17cvss 3.7epss 0.00
Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages…
- CVE-2020-35733Jan 15, 2021risk 0.00cvss —epss 0.01
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
- CVE-2014-1693Dec 8, 2014risk 0.00cvss —epss 0.02
Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv,…
- CVE-2011-0766May 31, 2011risk 0.00cvss —epss 0.03
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.
Page 2 of 2