Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-53846

Опубликовано: 05 дек. 2024
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa).

A regression flaw was introduced into Erlang OTP's SSL application. This issue results in a server or client verifying the peer when incorrect extended key usage is presented. For example, a server will verify if a client has server auth ext key usage and vice versa.

Отчет

No Red Hat products are shipped with an affected version of OTP.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenStack Platform 16.2erlangNot affected
Red Hat OpenStack Platform 17.1erlangNot affected
Red Hat OpenStack Platform 18.0erlangNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-295
https://bugzilla.redhat.com/show_bug.cgi?id=2330624erlang: ssl fails to validate incorrect extened key usage

EPSS

Процентиль: 37%
0.00193
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-53846

CVSS3: 5.5
ubuntu
12 месяцев назад

OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa).

nvd логотип

CVE-2024-53846

CVSS3: 5.5
nvd
12 месяцев назад

OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa).

msrc логотип

CVE-2024-53846

CVSS3: 5.5
msrc
11 месяцев назад

ssl fails to validate incorrect extened key usage

debian логотип

CVE-2024-53846

CVSS3: 5.5
debian
12 месяцев назад

OTP is a set of Erlang libraries, which consists of the Erlang runtime ...

redos логотип

ROS-20250110-09

CVSS3: 5.5
redos
11 месяцев назад

Уязвимость erlang

EPSS

Процентиль: 37%
0.00193
Низкий

5.5 Medium

CVSS3

Уязвимость CVE-2024-53846