Vulnerability Details : CVE-2020-35733
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
Products affected by CVE-2020-35733
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-35733
- EPSS score: 0.30% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~50% (the proportion of vulnerabilities that are scored at or less)
- EPSS Score History
CVSS scores for CVE-2020-35733
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST |
CWE ids for CVE-2020-35733
- The product does not validate, or incorrectly validates, a certificate. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-35733
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CXZWUOZELT7A5ZN6DJRQHX7L35V4PW/
  [SECURITY] Fedora 33 Update: erlang-23.2.3-1.fc33 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://www.erlang.org/news
  Erlang Programming Language (Release Notes; Vendor Advisory)
- https://www.erlang.org/downloads
  Erlang Programming Language (Product; Vendor Advisory)
- https://github.com/erlang/otp/releases
  Releases · erlang/otp · GitHub (Third Party Advisory)
- https://erlang.org/pipermail/erlang-questions/2021-January/100357.html
  Patch Package OTP 23.2.2 Released (Mailing List; Release Notes; Vendor Advisory)