AZL-54051

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54051.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-54051

Upstream

CVE-2024-53846

Published

2024-12-05T17:15:14Z

Modified

2026-04-21T04:35:27.212931Z

Summary

CVE-2024-53846 affecting package erlang for versions less than 26.2.5.6-1

Details

OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa).

References

https://nvd.nist.gov/vuln/detail/CVE-2024-53846

Affected packages

Azure Linux:3 / erlang

Package

Name: erlang
Purl: pkg:rpm/azure-linux/erlang

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

26.2.5.6-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54051.json"