PatchSiren

Erlang CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Erlang CVE published 2026-06-10

CVE-2026-49760

A stack-based buffer overflow was discovered in Erlang/OTP erl_interface, in lib/erl_interface/src/misc/ei_printterm.c, function ei_s_print_term. ei_s_print_term formats terms into an internal 2000-character stack buffer. When called with an encoded Erlang term containing a very large integer (encoded representation exceeding 2000 ch [truncated]

HIGH Erlang CVE published 2026-06-10

CVE-2026-49759

CVE-2026-49759 is a Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv). An unauthenticated remote attacker can crash the BEAM VM by sending a crafted SCTP ERROR chunk. The vulnerability exists in the sctp_parse_error_chunk function in erts/emulator/drivers/common/inet_drv.c, which parses SCTP ERROR chunks and writes cause codes into a fixed-size stack-allocated ErlDrvTermData spec[] a [truncated]

HIGH Erlang CVE published 2026-06-10

CVE-2026-48860

CVE-2026-48860 is a HIGH severity vulnerability in OTP's ssl (inet_tls_dist module). An unauthenticated attacker can bypass the distribution-over-TLS LAN allowlist due to the inet_tls_dist:check_ip/1 function incorrectly using inet:sockname/1 instead of inet:peername/1 to obtain the peer's IP address. This causes the subnet mask comparison to always succeed, allowing any holder of a CA-signed TLS certific [truncated]
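Added illustration, not inet_tls_dist's own code: the whole defect is which end of the socket the allowlist gets to look at. The module below is hypothetical (the names dist_allowlist_example, check_ip_weak/2 and check_ip_fixed/2 and the {NetworkAddress, PrefixLength} shape of the allowlist are assumptions), and the sample addresses in demo/0 are constructed. On an ssl socket the same distinction holds between ssl:sockname/1 and ssl:peername/1.

```erlang
%% Added example (not OTP's inet_tls_dist code): a LAN allowlist check for an
%% accepted distribution socket.  `Allowed` is a hypothetical list of
%% {NetworkAddress, PrefixLength} IPv4 entries, e.g. [{{10,0,0,0}, 8}].
-module(dist_allowlist_example).
-export([check_ip_weak/2, check_ip_fixed/2, in_subnet/3, demo/0]).

%% Weak: inet:sockname/1 returns OUR local address.  A listener bound on the
%% LAN interface is, by construction, inside its own LAN subnet, so the
%% comparison passes for every peer, wherever it actually comes from.
check_ip_weak(Socket, Allowed) ->
    case inet:sockname(Socket) of
        {ok, {LocalIp, _Port}} -> allowed(LocalIp, Allowed);
        {error, _} = Err       -> Err
    end.

%% Fixed: inet:peername/1 returns the REMOTE address, which is the thing the
%% allowlist is meant to constrain.
check_ip_fixed(Socket, Allowed) ->
    case inet:peername(Socket) of
        {ok, {PeerIp, _Port}} -> allowed(PeerIp, Allowed);
        {error, _} = Err      -> Err
    end.

allowed(Ip, Allowed) ->
    lists:any(fun({Net, Prefix}) -> in_subnet(Ip, Net, Prefix) end, Allowed).

%% IPv4 only; any other address shape is rejected rather than silently allowed.
in_subnet({A, B, C, D}, {NA, NB, NC, ND}, Prefix)
  when is_integer(Prefix), Prefix >= 0, Prefix =< 32 ->
    Mask = (16#FFFFFFFF bsl (32 - Prefix)) band 16#FFFFFFFF,
    (ipv4_int(A, B, C, D) band Mask) =:= (ipv4_int(NA, NB, NC, ND) band Mask);
in_subnet(_Ip, _Net, _Prefix) ->
    false.

ipv4_int(A, B, C, D) -> (A bsl 24) bor (B bsl 16) bor (C bsl 8) bor D.

%% Pure check on constructed addresses; no socket needed.
demo() ->
    Allowed = [{{10, 0, 0, 0}, 8}, {{192, 168, 10, 0}, 24}],
    [{Ip, allowed(Ip, Allowed)}
     || Ip <- [{10, 42, 1, 7}, {192, 168, 10, 200}, {192, 168, 11, 1}, {203, 0, 113, 9}]].
```

demo/0 exercises only the subnet arithmetic. To see the weak check accept a foreign peer you need a listener bound on a LAN address: on a loopback pair both sockname and peername are 127.0.0.1, so the two functions agree there and the bug is invisible.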

MEDIUM Erlang CVE published 2026-06-10

CVE-2026-48859

CVE-2026-48859 is a medium-severity vulnerability in Erlang/OTP SSH. The vulnerability, classified as an Observable Timing Discrepancy, allows an unauthenticated remote attacker to enumerate valid usernames via a timing side channel in password authentication. The issue arises when the SSH daemon is configured with the user_passwords or password option, causing ssh_auth:check_password/3 to perform a PBKDF2-SHA [truncated]
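Added illustration, not OTP's ssh_auth code: the oracle exists whenever the expensive key derivation runs only for usernames that exist. The module below is hypothetical (auth_timing_example, the #{Name => {Salt, DerivedKey}} table, the iteration count and the decoy salt are all assumptions); it uses crypto:pbkdf2_hmac/5, which is available from OTP 24.2. The user table in demo/0 is constructed.

```erlang
%% Added example (not OTP's ssh_auth code): password checking that does the
%% same PBKDF2 work whether or not the username exists.  Users is a
%% hypothetical map #{Name => {Salt, DerivedKey}}; crypto:pbkdf2_hmac/5 needs
%% OTP 24.2 or later.
-module(auth_timing_example).
-export([check_password_weak/3, check_password/3, derive/2, demo/0]).

-define(ITER, 20000).
-define(KEYLEN, 32).
%% Fixed, non-secret salt used only to burn the same CPU time for unknown users.
-define(DECOY_SALT, <<"decoy-salt-not-secret">>).

derive(Password, Salt) ->
    crypto:pbkdf2_hmac(sha256, Password, Salt, ?ITER, ?KEYLEN).

%% Weak: an unknown user is rejected in microseconds, a known user only after
%% a full PBKDF2 run.  That difference is the username oracle.
check_password_weak(User, Password, Users) ->
    case maps:find(User, Users) of
        {ok, {Salt, Key}} -> derive(Password, Salt) =:= Key;
        error             -> false
    end.

%% Fixed: always derive, always compare without early exit, and only then
%% fold in whether the user existed.
check_password(User, Password, Users) ->
    {Salt, Key, Known} =
        case maps:find(User, Users) of
            {ok, {S, K}} -> {S, K, true};
            error        -> {?DECOY_SALT, binary:copy(<<0>>, ?KEYLEN), false}
        end,
    Match = ct_equal(derive(Password, Salt), Key),
    Known andalso Match.

%% Constant-time comparison of equal-length binaries (no early exit).
ct_equal(A, B) when byte_size(A) =:= byte_size(B) ->
    Diff = lists:foldl(fun({X, Y}, Acc) -> Acc bor (X bxor Y) end, 0,
                       lists:zip(binary_to_list(A), binary_to_list(B))),
    Diff =:= 0;
ct_equal(_, _) ->
    false.

%% Constructed user table; returns {User, Accepted, Microseconds} for the
%% weak and fixed checkers so the timing gap can be seen side by side.
demo() ->
    Salt = crypto:strong_rand_bytes(16),
    Users = #{<<"alice">> => {Salt, derive(<<"correct horse">>, Salt)}},
    Probe = fun(Check, User, Pw) ->
                {Us, Ok} = timer:tc(fun() -> Check(User, Pw, Users) end),
                {User, Ok, Us}
            end,
    Cases = [{<<"alice">>, <<"correct horse">>},
             {<<"alice">>, <<"wrong">>},
             {<<"mallory">>, <<"wrong">>}],
    [{weak,  [Probe(fun check_password_weak/3, U, P) || {U, P} <- Cases]},
     {fixed, [Probe(fun check_password/3, U, P) || {U, P} <- Cases]}].
```

In the weak list the mallory probe finishes orders of magnitude faster than the alice probes; in the fixed list all three cost one PBKDF2 run. The decoy salt must be a constant: deriving a fresh decoy per call would add a second, measurable difference. The `=:=` in the weak version also short-circuits on the first differing byte, which is a much smaller leak than the missing derivation but is the reason the fixed version compares with ct_equal/2.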

MEDIUM Erlang CVE published 2026-06-10

CVE-2026-48858

A Server-Side Request Forgery (SSRF) vulnerability exists in the Erlang/OTP ftp (ftp_internal module). The vulnerability allows for FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The PASV handler (mode=passive, ipfamily=inet, ftp_extension=false) extracts the IP address from the server's 227 response and passes it directly to gen_tcp:connect/4 without validating it against the co [truncated]
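Added illustration, not the OTP ftp client's code: the fix is to treat the address in the 227 reply as untrusted and only open the data connection to the host the control connection is already talking to. The module below is hypothetical (pasv_check_example, parse_pasv/1 and data_target/2 are assumed names), and the three 227 reply lines in demo/0 are constructed.

```erlang
%% Added example (not the OTP ftp client's code): parse a 227 PASV reply and
%% refuse a data-connection target whose address differs from the control
%% connection's peer.
-module(pasv_check_example).
-export([parse_pasv/1, data_target/2, demo/0]).

%% "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" -> {ok, {{h1,h2,h3,h4}, Port}}
parse_pasv(Line) ->
    RE = "\\((\\d{1,3}),(\\d{1,3}),(\\d{1,3}),(\\d{1,3}),(\\d{1,3}),(\\d{1,3})\\)",
    case re:run(Line, RE, [{capture, all_but_first, list}]) of
        {match, Fields} ->
            [H1, H2, H3, H4, P1, P2] = [list_to_integer(F) || F <- Fields],
            case lists:all(fun(V) -> V =< 255 end, [H1, H2, H3, H4, P1, P2]) of
                true  -> {ok, {{H1, H2, H3, H4}, P1 * 256 + P2}};
                false -> {error, bad_pasv_reply}
            end;
        nomatch ->
            {error, bad_pasv_reply}
    end.

%% ControlPeer is the IPv4 address of the control connection, i.e. what
%% inet:peername/1 reports for the control socket.  Only a data target on that
%% same host is accepted; anything else is treated as a bounce attempt and is
%% never handed to gen_tcp:connect/4.
data_target(Line, ControlPeer) ->
    case parse_pasv(Line) of
        {ok, {Ip, Port}} when Ip =:= ControlPeer, Port > 0 ->
            {ok, {Ip, Port}};
        {ok, {Ip, Port}} ->
            {error, {pasv_target_rejected, Ip, Port, ControlPeer}};
        {error, _} = Err ->
            Err
    end.

%% Constructed replies: one honest, one pointing the client at an internal
%% host, one malformed.
demo() ->
    ControlPeer = {203, 0, 113, 10},
    Honest = "227 Entering Passive Mode (203,0,113,10,195,80)",
    Bounce = "227 Entering Passive Mode (10,0,0,5,0,22)",
    Broken = "227 Entering Passive Mode (999,0,0,1,0,22)",
    [data_target(R, ControlPeer) || R <- [Honest, Bounce, Broken]].
```

The stricter alternative, which several mainstream FTP clients offer as an option, is to ignore the advertised address entirely and connect to ControlPeer on the advertised port; that also copes with servers behind NAT that announce a private address. Either way the server never gets to choose the destination host.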

LOW Erlang CVE published 2026-06-10

CVE-2026-48855

CVE-2026-48855 is an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) that allows File Discovery. The SSH_FXP_READLINK handler in ssh_sftpd sends the raw result of file:read_link/2 to the client without calling chroot_filename/2 to strip the backend root prefix. An authenticated SFTP client can create a symlink inside the chroot pointing to /; s [truncated]

HIGH Erlang CVE published 2026-05-27

CVE-2026-42790

A DNS nameConstraints bypass vulnerability in Erlang/OTP's public_key library allows a subordinate Certificate Authority (CA) with restricted DNS nameConstraints to issue leaf certificates that OTP TLS clients incorrectly accept for out-of-scope hostnames. The vulnerability stems from two interacting flaws in certificate validation and hostname verification. First, the nameConstraints validation logic onl [truncated]

MEDIUM Erlang CVE published 2026-05-27

CVE-2026-42791

A certificate validation flaw in Erlang/OTP's public_key library allows attackers to forge OCSP responses using expired responder certificates, potentially bypassing certificate revocation checks in TLS clients and authentication systems.

HIGH Erlang CVE published 2026-05-27

CVE-2026-42789

A certificate chain validation flaw in Erlang/OTP's public_key module allows non-CA certificates to be incorrectly accepted as intermediate issuers, enabling certificate forgery attacks against TLS and mTLS endpoints.

MEDIUM Erlang CVE published 2026-04-21

CVE-2026-32147

CVE-2026-32147 is an authenticated SFTP path handling flaw in Erlang OTP's ssh_sftpd module. According to the supplied advisory data, the daemon can retain the raw user-supplied path in file handles rather than the chroot-resolved path, so a later SSH_FXP_FSETSTAT operation may apply attribute changes to the real filesystem path outside the intended root directory boundary. The issue is limited to file at [truncated]
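Added illustration covering both SFTP path entries above (CVE-2026-48855, READLINK output not run through chroot_filename/2, and CVE-2026-32147, file handles retaining the raw client path); it is not ssh_sftpd's code. The rule is the same in both directions: client input is resolved under the root before it is used or stored, and backend paths have the root stripped before they are sent back. The module, its function names and the link table in demo/0 are all hypothetical and constructed.

```erlang
%% Added example (not ssh_sftpd's code): chroot-aware path handling for an
%% SFTP backend.  Root is the hypothetical absolute backend root for the user.
-module(sftp_chroot_example).
-export([resolve_in_root/2, chroot_filename/2, readlink_chrooted/3, demo/0]).

%% Client path -> real backend path.  The resolved path, not the raw client
%% string, is what a file handle should carry, so that a later handle-based
%% request (e.g. FSETSTAT) cannot act outside Root.
resolve_in_root(Root, ClientPath) ->
    case squash(components(ClientPath), [], refuse) of
        {ok, Parts} -> {ok, filename:join([Root | Parts])};
        error       -> {error, escapes_root}
    end.

%% Real backend path -> path as the client may see it, with Root stripped.
%% A real path that is not under Root is an error, never echoed back.
chroot_filename(Root, RealPath) ->
    {ok, RealParts} = squash(components(RealPath), [], clamp),
    RootParts = components(Root),
    case lists:prefix(RootParts, RealParts) of
        true  -> {ok, filename:join(["/" | lists:nthtail(length(RootParts), RealParts)])};
        false -> {error, outside_root}
    end.

%% READLINK: resolve the link inside Root, read it, then run the target
%% through chroot_filename/2 before it leaves the server.  ReadLink is a
%% fun(RealPath) -> {ok, Target} | {error, Reason}; pass fun file:read_link/1
%% against a real filesystem.
readlink_chrooted(Root, ClientPath, ReadLink) ->
    case resolve_in_root(Root, ClientPath) of
        {ok, Real} ->
            case ReadLink(Real) of
                {ok, Target} ->
                    %% A relative target is interpreted against the link's directory.
                    Abs = case filename:pathtype(Target) of
                              absolute -> Target;
                              _        -> filename:join(filename:dirname(Real), Target)
                          end,
                    chroot_filename(Root, Abs);
                {error, _} = Err ->
                    Err
            end;
        {error, _} = Err ->
            Err
    end.

%% Path components without "/" and ".", so "/a//./b" and "a/b" both give ["a","b"].
components(Path) ->
    [P || P <- filename:split(Path), P =/= "/", P =/= "."].

%% Collapse ".." segments.  `refuse` fails when ".." would climb above the
%% start (client input); `clamp` stays at the root, as the OS does for "/..".
squash([], Acc, _Mode)            -> {ok, lists:reverse(Acc)};
squash([".." | _], [], refuse)    -> error;
squash([".." | T], [], clamp)     -> squash(T, [], clamp);
squash([".." | T], [_ | Acc], M)  -> squash(T, Acc, M);
squash([H | T], Acc, M)           -> squash(T, [H | Acc], M).

%% Constructed link table standing in for a filesystem.
demo() ->
    Root = "/srv/sftp/alice",
    Links = #{"/srv/sftp/alice/docs"   => "/srv/sftp/alice/shared/docs",
              "/srv/sftp/alice/escape" => "/",
              "/srv/sftp/alice/rel"    => "../bob"},
    ReadLink = fun(P) ->
                   case maps:find(P, Links) of
                       {ok, T} -> {ok, T};
                       error   -> {error, einval}
                   end
               end,
    [{P, readlink_chrooted(Root, P, ReadLink)}
     || P <- ["/docs", "/escape", "/rel", "/../../etc/passwd", "/nolink"]].
```

In demo/0 the link to a path under the root comes back with the root stripped, the links to "/" and to "../bob" are refused as outside the root, and the client path with leading ".." never reaches the filesystem. The resolution is lexical: it does not follow symlinks in intermediate components, so a backend that lets users create links still needs the OS (or a no-follow open) to enforce the boundary on the actual file operations.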

MEDIUM Erlang CVE published 2026-03-13

CVE-2026-23943

CVE-2026-23943 is a denial-of-service vulnerability in Erlang/OTP's SSH transport layer. The ssh_transport code can inflate attacker-controlled data without a size limit, allowing memory exhaustion and OOM kills, especially on memory-constrained systems.
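Added illustration, not OTP's ssh_transport code: it assumes the inflation in question is zlib decompression and shows the defensive shape, a running count of produced bytes checked before any further inflation. The module, its function names and the MaxBytes cap are hypothetical; it relies on zlib:safeInflate/2, available from OTP 20.1. The payloads in demo/0 are constructed.

```erlang
%% Added example (not OTP's ssh_transport code): decompress untrusted zlib
%% data with a hard cap on the inflated size.  MaxBytes is a hypothetical
%% policy value; zlib:safeInflate/2 needs OTP 20.1 or later.
-module(bounded_inflate_example).
-export([inflate_bounded/2, demo/0]).

inflate_bounded(Compressed, MaxBytes) when is_integer(MaxBytes), MaxBytes >= 0 ->
    Z = zlib:open(),
    ok = zlib:inflateInit(Z),
    try
        collect(Z, zlib:safeInflate(Z, Compressed), 0, [], MaxBytes)
    catch
        error:Reason -> {error, Reason}      %% corrupt stream: data_error etc.
    after
        zlib:close(Z)
    end.

%% safeInflate/2 hands back output in bounded pieces and says whether more is
%% pending, so the running total is checked before asking for the next piece.
collect(Z, {Status, Chunk}, Total, Acc, Max) ->
    NewTotal = Total + iolist_size(Chunk),
    if
        NewTotal > Max ->
            {error, {inflated_size_exceeds, Max}};
        Status =:= finished ->
            {ok, iolist_to_binary(lists:reverse([Chunk | Acc]))};
        true ->
            collect(Z, zlib:safeInflate(Z, <<>>), NewTotal, [Chunk | Acc], Max)
    end.

%% Constructed inputs: a small honest payload and 32 MiB of zeros, which
%% zlib packs into a few tens of KiB.  With a 1 MiB cap the bomb is refused
%% long before it is expanded in full.
demo() ->
    Cap = 1024 * 1024,
    Honest = zlib:compress(<<"SSH_MSG_CHANNEL_DATA payload (constructed)">>),
    Bomb = zlib:compress(binary:copy(<<0>>, 32 * 1024 * 1024)),
    [{honest, byte_size(Honest), inflate_bounded(Honest, Cap)},
     {bomb,   byte_size(Bomb),   inflate_bounded(Bomb, Cap)}].
```

The cap should be tied to what the protocol allows for the decompressed unit (for SSH, the maximum packet size negotiated for the session), not to available memory; a single unbounded zlib:inflate/2 call on the bomb above would commit 32 MiB for a few tens of KiB of attacker bytes, and an attacker can send as many as they like.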

Known exploited Erlang CVE published 2025-06-09

CVE-2025-32433

CVE-2025-32433 is a vulnerability in Erlang/OTP’s SSH server that CISA has added to the Known Exploited Vulnerabilities catalog. The issue is described as a missing authentication condition for a critical function, which makes it a high-priority defensive issue for any environment running Erlang/OTP SSH services or products that embed them. CISA’s KEV entry indicates a remediation deadline of 2025-06-30 a [truncated]