CVE-2025-30211

Published 28/03/2025 15:15 · Modified 28/03/2025 18:11

Labels: CVE-2025-30211, 2025-03-28, CWE-789, [email protected]

Essential information

Published
28/03/2025 15:15
Modified
28/03/2025 18:11
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result in high memory usage. The implementation does not verify the RFC-specified limit on algorithm name length (64 characters) for names provided in the KEX init message. A large KEX init packet may therefore lead to inefficient processing of the error data, and as a result a large amount of memory is allocated while processing the malicious data. Versions OTP-27.3.1, OTP-26.2.5.10, and OTP-25.3.2.19 fix the issue. Some workarounds are available: one may set the option `parallel_login` to `false` and/or reduce the `max_sessions` option.
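The missing check described above, as an added illustration that is not Erlang/OTP's own code: a strict SSH_MSG_KEXINIT name-list parser (Python rather than Erlang so it can be run anywhere) that enforces the RFC 4251 limit of 64 characters per algorithm name and the declared-length-versus-packet bound before any further processing of the message. All function names are hypothetical, and `build_kexinit` only constructs sample payloads for the demonstration.

```python
import struct
MAX_NAME_LEN = 64  # RFC 4251 section 6: an algorithm name is at most 64 characters

class KexInitError(ValueError):
    """Raised as soon as a KEXINIT field violates the wire format or an RFC limit."""

def parse_name_list(buf: bytes, offset: int):
    """Parse one SSH name-list (uint32 length, then comma-separated names),
    rejecting any name longer than MAX_NAME_LEN before it is processed further."""
    if offset + 4 > len(buf):
        raise KexInitError("truncated name-list length")
    (length,) = struct.unpack_from(">I", buf, offset)
    offset += 4
    if offset + length > len(buf):  # declared size must fit the bytes actually received
        raise KexInitError("name-list length exceeds packet")
    raw, offset = buf[offset:offset + length], offset + length
    names = raw.split(b",") if length else []
    for name in names:
        if not 1 <= len(name) <= MAX_NAME_LEN:
            raise KexInitError(f"name length {len(name)} outside 1..{MAX_NAME_LEN}")
        if not all(0x21 <= b <= 0x7E for b in name):  # printable US-ASCII only
            raise KexInitError("non-printable byte in algorithm name")
    return names, offset

def check_kexinit(payload: bytes):
    """Validate an SSH_MSG_KEXINIT payload and return its ten name-lists."""
    if len(payload) < 17 or payload[0] != 20:  # msg code 20, then 16-byte cookie
        raise KexInitError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, []
    for _ in range(10):  # kex, hostkey, enc c2s/s2c, mac c2s/s2c, comp c2s/s2c, lang c2s/s2c
        names, offset = parse_name_list(payload, offset)
        lists.append(names)
    return lists

def kexinit_error(payload: bytes):
    """Return the rejection reason as a string, or None when the payload is acceptable."""
    try:
        check_kexinit(payload)
    except KexInitError as exc:
        return str(exc)
    return None

def build_kexinit(name_lists):
    """Constructed test helper (not a real client): assemble a KEXINIT payload."""
    body = bytes([20]) + b"\x00" * 16
    for names in name_lists:
        raw = b",".join(names)
        body += struct.pack(">I", len(raw)) + raw
    return body + b"\x00" + b"\x00\x00\x00\x00"  # first_kex_packet_follows, reserved
```

A server-side parser that rejects at this point never allocates storage proportional to an attacker-chosen name length, which is the condition the advisory's workarounds (`parallel_login`, `max_sessions`) only limit rather than remove.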

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]

Affected products (CPE)

Product        CPE
erlang / otp   cpe:2.3:a:erlang:otp:<25.*:*:*:*:*:*:*:*
erlang / otp   cpe:2.3:a:erlang:otp:<26.2.5.10:*:*:*:*:*:*:*
erlang / otp   cpe:2.3:a:erlang:otp:<27.3.1:*:*:*:*:*:*:*

References