WID-SEC-W-2026-1887
Vulnerability from csaf_certbund - Published: 2026-06-10 22:00 - Updated: 2026-06-14 22:00Summary
Erlang/OTP: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Erlang/OTP (Open Telecom Platform) ist eine Sammlung von Bibliotheken und Tools, die auf der Programmiersprache Erlang basieren und für den Aufbau skalierbarer, fehlertoleranter und verteilter Systeme entwickelt wurden.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Erlang/OTP ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Erlang/OTP erts <17.0.2
Open Source / Erlang/OTP
|
erts <17.0.2 | ||
|
Open Source Erlang/OTP ssh <6.0.1
Open Source / Erlang/OTP
|
ssh <6.0.1 | ||
|
Open Source Erlang/OTP inets <9.7.1
Open Source / Erlang/OTP
|
inets <9.7.1 | ||
|
Open Source Erlang/OTP ftp <1.2.6
Open Source / Erlang/OTP
|
ftp <1.2.6 | ||
|
Open Source Erlang/OTP <29.0.2
Open Source / Erlang/OTP
|
<29.0.2 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Open Source Erlang/OTP erl_interface <5.8.1
Open Source / Erlang/OTP
|
erl_interface <5.8.1 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Erlang/OTP erts <17.0.2
Open Source / Erlang/OTP
|
erts <17.0.2 | ||
|
Open Source Erlang/OTP ssh <6.0.1
Open Source / Erlang/OTP
|
ssh <6.0.1 | ||
|
Open Source Erlang/OTP inets <9.7.1
Open Source / Erlang/OTP
|
inets <9.7.1 | ||
|
Open Source Erlang/OTP ftp <1.2.6
Open Source / Erlang/OTP
|
ftp <1.2.6 | ||
|
Open Source Erlang/OTP <29.0.2
Open Source / Erlang/OTP
|
<29.0.2 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Open Source Erlang/OTP erl_interface <5.8.1
Open Source / Erlang/OTP
|
erl_interface <5.8.1 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Erlang/OTP erts <17.0.2
Open Source / Erlang/OTP
|
erts <17.0.2 | ||
|
Open Source Erlang/OTP ssh <6.0.1
Open Source / Erlang/OTP
|
ssh <6.0.1 | ||
|
Open Source Erlang/OTP inets <9.7.1
Open Source / Erlang/OTP
|
inets <9.7.1 | ||
|
Open Source Erlang/OTP ftp <1.2.6
Open Source / Erlang/OTP
|
ftp <1.2.6 | ||
|
Open Source Erlang/OTP <29.0.2
Open Source / Erlang/OTP
|
<29.0.2 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Open Source Erlang/OTP erl_interface <5.8.1
Open Source / Erlang/OTP
|
erl_interface <5.8.1 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Erlang/OTP erts <17.0.2
Open Source / Erlang/OTP
|
erts <17.0.2 | ||
|
Open Source Erlang/OTP ssh <6.0.1
Open Source / Erlang/OTP
|
ssh <6.0.1 | ||
|
Open Source Erlang/OTP inets <9.7.1
Open Source / Erlang/OTP
|
inets <9.7.1 | ||
|
Open Source Erlang/OTP ftp <1.2.6
Open Source / Erlang/OTP
|
ftp <1.2.6 | ||
|
Open Source Erlang/OTP <29.0.2
Open Source / Erlang/OTP
|
<29.0.2 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Open Source Erlang/OTP erl_interface <5.8.1
Open Source / Erlang/OTP
|
erl_interface <5.8.1 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Erlang/OTP erts <17.0.2
Open Source / Erlang/OTP
|
erts <17.0.2 | ||
|
Open Source Erlang/OTP ssh <6.0.1
Open Source / Erlang/OTP
|
ssh <6.0.1 | ||
|
Open Source Erlang/OTP inets <9.7.1
Open Source / Erlang/OTP
|
inets <9.7.1 | ||
|
Open Source Erlang/OTP ftp <1.2.6
Open Source / Erlang/OTP
|
ftp <1.2.6 | ||
|
Open Source Erlang/OTP <29.0.2
Open Source / Erlang/OTP
|
<29.0.2 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Open Source Erlang/OTP erl_interface <5.8.1
Open Source / Erlang/OTP
|
erl_interface <5.8.1 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Erlang/OTP erts <17.0.2
Open Source / Erlang/OTP
|
erts <17.0.2 | ||
|
Open Source Erlang/OTP ssh <6.0.1
Open Source / Erlang/OTP
|
ssh <6.0.1 | ||
|
Open Source Erlang/OTP inets <9.7.1
Open Source / Erlang/OTP
|
inets <9.7.1 | ||
|
Open Source Erlang/OTP ftp <1.2.6
Open Source / Erlang/OTP
|
ftp <1.2.6 | ||
|
Open Source Erlang/OTP <29.0.2
Open Source / Erlang/OTP
|
<29.0.2 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Open Source Erlang/OTP erl_interface <5.8.1
Open Source / Erlang/OTP
|
erl_interface <5.8.1 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Erlang/OTP erts <17.0.2
Open Source / Erlang/OTP
|
erts <17.0.2 | ||
|
Open Source Erlang/OTP ssh <6.0.1
Open Source / Erlang/OTP
|
ssh <6.0.1 | ||
|
Open Source Erlang/OTP inets <9.7.1
Open Source / Erlang/OTP
|
inets <9.7.1 | ||
|
Open Source Erlang/OTP ftp <1.2.6
Open Source / Erlang/OTP
|
ftp <1.2.6 | ||
|
Open Source Erlang/OTP <29.0.2
Open Source / Erlang/OTP
|
<29.0.2 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Open Source Erlang/OTP erl_interface <5.8.1
Open Source / Erlang/OTP
|
erl_interface <5.8.1 |
References
11 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Erlang/OTP (Open Telecom Platform) ist eine Sammlung von Bibliotheken und Tools, die auf der Programmiersprache Erlang basieren und f\u00fcr den Aufbau skalierbarer, fehlertoleranter und verteilter Systeme entwickelt wurden.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Erlang/OTP ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1887 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1887.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1887 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1887"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-24cv-hwgr-37fq vom 2026-06-10",
"url": "https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-3w6p-vwhf-wvp4 vom 2026-06-10",
"url": "https://github.com/erlang/otp/security/advisories/GHSA-3w6p-vwhf-wvp4"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-6f4f-chj5-5g97 vom 2026-06-10",
"url": "https://github.com/erlang/otp/security/advisories/GHSA-6f4f-chj5-5g97"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-gp7x-mfv6-52cv vom 2026-06-10",
"url": "https://github.com/erlang/otp/security/advisories/GHSA-gp7x-mfv6-52cv"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-m75x-4vwg-ggjh vom 2026-06-10",
"url": "https://github.com/erlang/otp/security/advisories/GHSA-m75x-4vwg-ggjh"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-pv7g-pjrq-x2fh vom 2026-06-10",
"url": "https://github.com/erlang/otp/security/advisories/GHSA-pv7g-pjrq-x2fh"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-xcxj-5pg2-v72j vom 2026-06-10",
"url": "https://github.com/erlang/otp/security/advisories/GHSA-xcxj-5pg2-v72j"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-E692D95607 vom 2026-06-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-e692d95607"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-EF630B13B0 vom 2026-06-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-ef630b13b0"
}
],
"source_lang": "en-US",
"title": "Erlang/OTP: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-14T22:00:00.000+00:00",
"generator": {
"date": "2026-06-15T07:40:30.626+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1887",
"initial_release_date": "2026-06-10T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-06-10T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-06-14T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c29.0.2",
"product": {
"name": "Open Source Erlang/OTP \u003c29.0.2",
"product_id": "T055274"
}
},
{
"category": "product_version",
"name": "29.0.2",
"product": {
"name": "Open Source Erlang/OTP 29.0.2",
"product_id": "T055274-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:erlang:erlang%2fotp:29.0.2"
}
}
},
{
"category": "product_version_range",
"name": "ftp \u003c1.2.6",
"product": {
"name": "Open Source Erlang/OTP ftp \u003c1.2.6",
"product_id": "T055275"
}
},
{
"category": "product_version",
"name": "ftp 1.2.6",
"product": {
"name": "Open Source Erlang/OTP ftp 1.2.6",
"product_id": "T055275-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:erlang:erlang%2fotp:ftp__1.2.6"
}
}
},
{
"category": "product_version_range",
"name": "inets \u003c9.7.1",
"product": {
"name": "Open Source Erlang/OTP inets \u003c9.7.1",
"product_id": "T055276"
}
},
{
"category": "product_version",
"name": "inets 9.7.1",
"product": {
"name": "Open Source Erlang/OTP inets 9.7.1",
"product_id": "T055276-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:erlang:erlang%2fotp:inets__9.7.1"
}
}
},
{
"category": "product_version_range",
"name": "ssh \u003c6.0.1",
"product": {
"name": "Open Source Erlang/OTP ssh \u003c6.0.1",
"product_id": "T055277"
}
},
{
"category": "product_version",
"name": "ssh 6.0.1",
"product": {
"name": "Open Source Erlang/OTP ssh 6.0.1",
"product_id": "T055277-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:erlang:erlang%2fotp:ssh__6.0.1"
}
}
},
{
"category": "product_version_range",
"name": "erts \u003c17.0.2",
"product": {
"name": "Open Source Erlang/OTP erts \u003c17.0.2",
"product_id": "T055278"
}
},
{
"category": "product_version",
"name": "erts 17.0.2",
"product": {
"name": "Open Source Erlang/OTP erts 17.0.2",
"product_id": "T055278-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:erlang:erlang%2fotp:erts__17.0.2"
}
}
},
{
"category": "product_version_range",
"name": "erl_interface \u003c5.8.1",
"product": {
"name": "Open Source Erlang/OTP erl_interface \u003c5.8.1",
"product_id": "T055279"
}
},
{
"category": "product_version",
"name": "erl_interface 5.8.1",
"product": {
"name": "Open Source Erlang/OTP erl_interface 5.8.1",
"product_id": "T055279-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:erlang:erlang%2fotp:erl_interface__5.8.1"
}
}
}
],
"category": "product_name",
"name": "Erlang/OTP"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-48855",
"product_status": {
"known_affected": [
"T055278",
"T055277",
"T055276",
"T055275",
"T055274",
"74185",
"T055279"
]
},
"release_date": "2026-06-10T22:00:00.000+00:00",
"title": "CVE-2026-48855"
},
{
"cve": "CVE-2026-48856",
"product_status": {
"known_affected": [
"T055278",
"T055277",
"T055276",
"T055275",
"T055274",
"74185",
"T055279"
]
},
"release_date": "2026-06-10T22:00:00.000+00:00",
"title": "CVE-2026-48856"
},
{
"cve": "CVE-2026-48858",
"product_status": {
"known_affected": [
"T055278",
"T055277",
"T055276",
"T055275",
"T055274",
"74185",
"T055279"
]
},
"release_date": "2026-06-10T22:00:00.000+00:00",
"title": "CVE-2026-48858"
},
{
"cve": "CVE-2026-48859",
"product_status": {
"known_affected": [
"T055278",
"T055277",
"T055276",
"T055275",
"T055274",
"74185",
"T055279"
]
},
"release_date": "2026-06-10T22:00:00.000+00:00",
"title": "CVE-2026-48859"
},
{
"cve": "CVE-2026-48860",
"product_status": {
"known_affected": [
"T055278",
"T055277",
"T055276",
"T055275",
"T055274",
"74185",
"T055279"
]
},
"release_date": "2026-06-10T22:00:00.000+00:00",
"title": "CVE-2026-48860"
},
{
"cve": "CVE-2026-49759",
"product_status": {
"known_affected": [
"T055278",
"T055277",
"T055276",
"T055275",
"T055274",
"74185",
"T055279"
]
},
"release_date": "2026-06-10T22:00:00.000+00:00",
"title": "CVE-2026-49759"
},
{
"cve": "CVE-2026-49760",
"product_status": {
"known_affected": [
"T055278",
"T055277",
"T055276",
"T055275",
"T055274",
"74185",
"T055279"
]
},
"release_date": "2026-06-10T22:00:00.000+00:00",
"title": "CVE-2026-49760"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…