Skip to main content

Erlang/OTP EUVDEUVD-2026-41412

| CVE-2026-55952 HIGH
Improper Validation of Specified Quantity in Input (CWE-1284)
2026-07-02 EEF
8.2
CVSS 4.0 · Vendor: EEF
Share

Severity by source

Vendor (EEF) PRIMARY
8.2 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Single unauthenticated network ClientHello triggers it (AV:N/AC:L/PR:N/UI:N); impact is availability-only DoS of TLS 1.3 tickets, so C:N/I:N/A:H and scope unchanged.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (EEF).

CVSS VectorVendor: EEF

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 02, 2026 - 17:21 vuln.today

DescriptionCVE.org

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tls_handshake_1_3:handle_pre_shared_key/3, an OfferedPreSharedKeys record with a mismatched number of identities and binders is forwarded directly to tls_server_session_ticket:use/4, which crashes the session ticket handler process.

An unauthenticated remote attacker can send a single crafted ClientHello to a TLS 1.3 server with session tickets enabled (stateful or stateless mode) and permanently disrupt session ticket handling on that listener. New TLS 1.3 handshakes complete but subsequently crash when the server attempts to issue a session ticket, effectively making TLS 1.3 unusable on the affected listener until the ssl application is restarted. TLS 1.2 connections are not affected.

This issue affects OTP from 22.2 before 29.0.3, 28.5.0.3 and 27.3.4.14 corresponding to ssl from 9.5 before 11.7.3, 11.6.0.3 and 11.2.12.10.

AnalysisAI

Denial of service in the Erlang/OTP ssl application (OTP 22.2 through 29.0.3, and the 28.5.x/27.3.x maintenance branches) lets an unauthenticated remote attacker permanently disable TLS 1.3 session ticket handling on a listener with a single crafted ClientHello. Because the pre-shared key extension's identity list and binder list are not length-checked before being handed to the session ticket handler, a mismatched OfferedPreSharedKeys record crashes that process, causing all subsequent TLS 1.3 handshakes to fail at ticket issuance until the ssl application is restarted. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach TLS 1.3 listener with tickets enabled
Delivery
Craft ClientHello with mismatched PSK identity/binder lists
Exploit
Server forwards record to session ticket handler
Execution
Handler process crashes
Persist
TLS 1.3 ticket issuance fails on listener
Impact
TLS 1.3 denied until ssl restart

Vulnerability AssessmentAI

Exploitation Exploitation requires the target to run a TLS 1.3 server on affected Erlang/OTP with session ticket handling enabled - either stateful or stateless mode - since the crash occurs in tls_server_session_ticket:use/4 when the server processes the PSK extension. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are consistent and point to a real, easily triggered availability threat with no confidentiality or integrity exposure. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker who can reach a TLS 1.3 listener with session tickets enabled sends a single crafted ClientHello whose pre-shared key extension carries an unequal number of PSK identities and binders. This crashes the tls_server_session_ticket handler process, and thereafter every TLS 1.3 handshake fails when the server attempts to issue a ticket, taking TLS 1.3 offline until the ssl application is restarted. …
Remediation Upgrade Erlang/OTP to a fixed release: Vendor-released patch: OTP 29.0.3 (ssl 11.7.3), or on the maintenance branches OTP 28.5.0.3 (ssl 11.6.0.3) or 27.3.4.14 (ssl 11.2.12.10); choose the fixed version on your current major line to minimize disruption. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running Erlang/OTP versions 22.2-29.0.3, 28.5.x, or 27.3.x. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Otp

View all
CVE-2026-49759 HIGH
8.8 Jun 10

Denial of service in Erlang/OTP erts (inet_drv SCTP handler) lets unauthenticated remote attackers crash the BEAM VM by

CVE-2026-55950 HIGH
8.7 Jul 02

Remote denial of service in Erlang/OTP's ssl application (dtls_packet_demux module) lets an unauthenticated attacker cra

CVE-2026-28808 HIGH
8.3 Apr 07

Authorization bypass in Erlang OTP's inets HTTP server allows unanauthenticated remote attackers to execute CGI scripts

CVE-2026-32144 HIGH
7.6 Apr 07

Erlang OTP public_key module (versions 1.16 through 1.20.3 and 1.17.1.2) fails to cryptographically verify OCSP responde

CVE-2026-48860 HIGH
7.5 Jun 10

Authentication bypass in Erlang/OTP's TLS distribution module (inet_tls_dist) lets any attacker holding a TLS certificat

CVE-2026-48856 HIGH
7.1 Jun 10

Credential leakage in Erlang/OTP's inets httpc client (versions 17.0 through 29.0.2, 28.5.0.2, and 27.3.4.13) allows att

CVE-2026-49760 MEDIUM
6.9 Jun 10

Stack-based buffer overflow in Erlang OTP's erl_interface C library (`ei_s_print_term`) crashes processes when decoding

CVE-2026-48859 MEDIUM
6.3 Jun 10

Username enumeration via timing side-channel in Erlang/OTP SSH daemon (OTP 29.0-29.0.1) allows unauthenticated remote at

CVE-2026-28810 MEDIUM
6.3 Apr 07

Erlang/OTP kernel inet_res DNS resolver uses predictable sequential transaction IDs and lacks source port randomization,

CVE-2026-48858 MEDIUM
6.3 Jun 10

SSRF and FTP bounce attacks are enabled in Erlang/OTP's ftp_internal module because the PASV handler blindly trusts the

CVE-2026-54891 MEDIUM
6.3 Jul 02

Blind plaintext injection into Erlang/OTP TLS clients allows a network-positioned attacker to insert unauthenticated APP

CVE-2026-54887 MEDIUM
6.3 Jul 02

The DTLS server in Erlang/OTP ssl initializes its cookie secret to a hardcoded empty binary on startup, making HMAC-base

Share

EUVD-2026-41412 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy