• CVE-2025-46712

发布时间: 2025年5月23日

修改时间: 2025年5月23日

概要

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25).

CVSS v3 指标

NVD openEuler
Confidentiality None
Attack Vector Network
CVSS评分 N/A 3.7
Attack Complexity High
Privileges Required None
Scope Unchanged
Integrity Low
User Interaction None
Availability None

安全公告

公告名 概要 发布时间
KylinSec-SA-2025-2543 erlang security update 2025年7月4日

影响产品

产品 状态
V6 erlang Fixed