Vulnerabilities for 'Erlang/otp'

2017-12-12
 
CVE-2017-1000385

CWE-310
 

 
The Erlang/OTP TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 v1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).

 
2017-03-18
 
CVE-2016-10253

CWE-119
 

 
An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.

 
2014-12-08
 
CVE-2014-1693

CWE-Other
 

 
Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, or (18) append_bin command.

 
2011-05-31
 
CVE-2011-0766

CWE-310
 

 
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.

 



Copyright 2019, cxsecurity.com

 
