Description

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names (64 characters) provided in KEX init message. Big KEX init packet may lead to inefficient processing of the error data. As a result, large amount of memory will be allocated for processing malicious data. Versions OTP-27.3.1, OTP-26.2.5.10, and OTP-25.3.2.19 fix the issue. Some workarounds are available. One may set option `parallel_login` to `false` and/or reduce the `max_sessions` option.

INFO

Published Date :

2025-03-28T14:55:47.778Z

Last Modified :

2025-11-03T19:46:46.745Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-30211 vulnerability.

Vendors Products
Erlang
  • Otp
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-30211.

URL Resource
https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-30211 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-30211 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact