Description

OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa).

INFO

Published Date :

2024-12-05T17:02:59.370Z

Last Modified :

2024-12-06T16:26:57.528Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-53846 vulnerability.

Vendors Products
Erlang
  • Otp
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-53846.

URL Resource
https://github.com/erlang/otp/security/advisories/GHSA-qw6r-qh9v-638v cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-53846 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-53846 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact