CVE-2026-55952 (GCVE-0-2026-55952)

Vulnerability from cvelistv5 – Published: 2026-07-02 16:06 – Updated: 2026-07-03 04:29
Title
TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension
Summary
The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tls_handshake_1_3:handle_pre_shared_key/3, an OfferedPreSharedKeys record with a mismatched number of identities and binders is forwarded directly to tls_server_session_ticket:use/4, which crashes the session ticket handler process.

An unauthenticated remote attacker can send a single crafted ClientHello to a TLS 1.3 server with session tickets enabled (stateful or stateless mode) and permanently disrupt session ticket handling on that listener. New TLS 1.3 handshakes complete but subsequently crash when the server attempts to issue a session ticket, effectively making TLS 1.3 unusable on the affected listener until the ssl application is restarted. TLS 1.2 connections are not affected.

This issue affects OTP from 22.2 before 29.0.3, 28.5.0.3 and 27.3.4.14 corresponding to ssl from 9.5 before 11.7.3, 11.6.0.3 and 11.2.12.10.
SSVC
Exploitation: none; Automatable: no; Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
EEF
Impacted products
Vendor Product Version
Erlang OTP Affected: 9.5 , < * (otp)
    cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Erlang OTP Affected: 22.2 , < * (otp)
Affected: 339a279f02ce38a7b23010e56000613e19abb21f , < * (git)
    cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Credits
Lukas Backström, Ingela Anderton Andin, Dan Gudmundsson, Jakub Witczak

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-55952",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-02T17:28:09.569991Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-02T17:28:15.681Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "modules": [
            "tls_handshake_1_3"
          ],
          "packageName": "ssl",
          "packageURL": "pkg:otp/ssl?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp\u0026vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git",
          "product": "OTP",
          "programFiles": [
            "src/tls_handshake_1_3.erl"
          ],
          "programRoutines": [
            {
              "name": "tls_handshake_1_3:handle_pre_shared_key/3"
            }
          ],
          "repo": "https://github.com/erlang/otp",
          "vendor": "Erlang",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.7.3",
                  "status": "unaffected"
                },
                {
                  "at": "11.6.0.3",
                  "status": "unaffected"
                },
                {
                  "at": "11.2.12.10",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "9.5",
              "versionType": "otp"
            }
          ]
        },
        {
          "collectionURL": "https://github.com",
          "cpes": [
            "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "modules": [
            "tls_handshake_1_3"
          ],
          "packageName": "erlang/otp",
          "packageURL": "pkg:github/erlang/otp",
          "product": "OTP",
          "programFiles": [
            "lib/ssl/src/tls_handshake_1_3.erl"
          ],
          "programRoutines": [
            {
              "name": "tls_handshake_1_3:handle_pre_shared_key/3"
            }
          ],
          "repo": "https://github.com/erlang/otp",
          "vendor": "Erlang",
          "versions": [
            {
              "changes": [
                {
                  "at": "29.0.3",
                  "status": "unaffected"
                },
                {
                  "at": "28.5.0.3",
                  "status": "unaffected"
                },
                {
                  "at": "27.3.4.14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "22.2",
              "versionType": "otp"
            },
            {
              "changes": [
                {
                  "at": "e77823e6d980b2ec0b4fe4ea3f2d098ca239e3ce",
                  "status": "unaffected"
                },
                {
                  "at": "2c3e599797644310e5d4aa39c7193420e59dadff",
                  "status": "unaffected"
                },
                {
                  "at": "9b5437c72fa3403a75c1aba28e5c532bc191c662",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "339a279f02ce38a7b23010e56000613e19abb21f",
              "versionType": "git"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe vulnerability only affects TLS 1.3 servers that have session tickets enabled (either stateful or stateless mode). TLS 1.2 connections and clients are not affected.\u003c/p\u003e"
            }
          ],
          "value": "The vulnerability only affects TLS 1.3 servers that have session tickets enabled (either stateful or stateless mode). TLS 1.2 connections and clients are not affected."
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "27.3.4.14",
                  "versionStartIncluding": "22.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "28.5.0.3",
                  "versionStartIncluding": "28.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "29.0.3",
                  "versionStartIncluding": "29.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "AND"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lukas Backstr\u00f6m"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Ingela Anderton Andin"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Dan Gudmundsson"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Jakub Witczak"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe Erlang/OTP \u003ctt\u003essl\u003c/tt\u003e application does not validate that the PSK identity list and binder list carried in a TLS 1.3 \u003ctt\u003eClientHello\u003c/tt\u003e pre-shared key extension have equal length before passing them to the session ticket handler. In \u003ctt\u003etls_handshake_1_3:handle_pre_shared_key/3\u003c/tt\u003e, an \u003ctt\u003eOfferedPreSharedKeys\u003c/tt\u003e record with a mismatched number of identities and binders is forwarded directly to \u003ctt\u003etls_server_session_ticket:use/4\u003c/tt\u003e, which crashes the session ticket handler process.\u003c/p\u003e\u003cp\u003eAn unauthenticated remote attacker can send a single crafted \u003ctt\u003eClientHello\u003c/tt\u003e to a TLS 1.3 server with session tickets enabled (stateful or stateless mode) and permanently disrupt session ticket handling on that listener. New TLS 1.3 handshakes complete but subsequently crash when the server attempts to issue a session ticket, effectively making TLS 1.3 unusable on the affected listener until the \u003ctt\u003essl\u003c/tt\u003e application is restarted. TLS 1.2 connections are not affected.\u003c/p\u003e\u003cp\u003eThis issue affects OTP from 22.2 before 29.0.3, 28.5.0.3 and 27.3.4.14 corresponding to ssl from 9.5 before 11.7.3, 11.6.0.3 and 11.2.12.10.\u003c/p\u003e"
            }
          ],
          "value": "The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tls_handshake_1_3:handle_pre_shared_key/3, an OfferedPreSharedKeys record with a mismatched number of identities and binders is forwarded directly to tls_server_session_ticket:use/4, which crashes the session ticket handler process.\n\nAn unauthenticated remote attacker can send a single crafted ClientHello to a TLS 1.3 server with session tickets enabled (stateful or stateless mode) and permanently disrupt session ticket handling on that listener. New TLS 1.3 handshakes complete but subsequently crash when the server attempts to issue a session ticket, effectively making TLS 1.3 unusable on the affected listener until the ssl application is restarted. TLS 1.2 connections are not affected.\n\nThis issue affects OTP from 22.2 before 29.0.3, 28.5.0.3 and 27.3.4.14 corresponding to ssl from 9.5 before 11.7.3, 11.6.0.3 and 11.2.12.10."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-153",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-153 Input Data Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-03T04:29:07.026Z",
        "orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
        "shortName": "EEF"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "related"
          ],
          "url": "https://github.com/erlang/otp/security/advisories/GHSA-8c57-44c9-pc59"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://cna.erlef.org/cves/CVE-2026-55952.html"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://osv.dev/vulnerability/EEF-CVE-2026-55952"
        },
        {
          "tags": [
            "x_version-scheme"
          ],
          "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/erlang/otp/commit/e77823e6d980b2ec0b4fe4ea3f2d098ca239e3ce"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/erlang/otp/commit/2c3e599797644310e5d4aa39c7193420e59dadff"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/erlang/otp/commit/9b5437c72fa3403a75c1aba28e5c532bc191c662"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cul\u003e\u003cli\u003eDisable session tickets on TLS 1.3 servers by setting \u003ctt\u003esession_tickets\u003c/tt\u003e to \u003ctt\u003edisabled\u003c/tt\u003e in the server\u0027s \u003ctt\u003essl\u003c/tt\u003e options.\u003c/li\u003e\u003cli\u003eRestrict the server to TLS 1.2 by setting \u003ctt\u003eversions\u003c/tt\u003e to \u003ctt\u003e[\u0027tlsv1.2\u0027]\u003c/tt\u003e in the server\u0027s \u003ctt\u003essl\u003c/tt\u003e options.\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "* Disable session tickets on TLS 1.3 servers by setting session_tickets to disabled in the server\u0027s ssl options.\n* Restrict the server to TLS 1.2 by setting versions to [\u0027tlsv1.2\u0027] in the server\u0027s ssl options."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
    "assignerShortName": "EEF",
    "cveId": "CVE-2026-55952",
    "datePublished": "2026-07-02T16:06:08.474Z",
    "dateReserved": "2026-06-17T17:55:15.686Z",
    "dateUpdated": "2026-07-03T04:29:07.026Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-55952",
      "date": "2026-07-03",
      "epss": "0.00464",
      "percentile": "0.36911"
    }
  }
}

