Erlang » Erlang/otp » 20.1.7 : Security Vulnerabilities, CVEs, CVSS score >= 7
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
Max CVSS: 9.8
EPSS Score: 0.19%
Published: 2022-09-21
Updated: 2023-07-11
A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions.
Max CVSS: 7.0
EPSS Score: 0.07%
Published: 2021-04-09
Updated: 2021-04-20
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
Max CVSS: 7.5
EPSS Score: 0.14%
Published: 2021-01-15
Updated: 2021-03-31
3 vulnerabilities found