CVE-2017-1000385
- Source
- https://cve.org/CVERecord?id=CVE-2017-1000385
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000385.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-1000385
- Downstream
- Related
- Published
- 2017-12-12T21:29:00.213Z
- Modified
- 2026-04-16T06:17:21.943732231Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).
- References
-
- https://lists.debian.org/debian-lts-announce/2017/12/msg00010.html
- https://usn.ubuntu.com/3571-1/
- https://access.redhat.com/errata/RHSA-2018:0528
- https://access.redhat.com/errata/RHSA-2018:0303
- http://www.securityfocus.com/bid/102197
- https://access.redhat.com/errata/RHSA-2018:0242
- https://access.redhat.com/errata/RHSA-2018:0368
- https://robotattack.org/
- https://www.debian.org/security/2017/dsa-4057
- http://erlang.org/pipermail/erlang-questions/2017-November/094255.html
- http://erlang.org/pipermail/erlang-questions/2017-November/094256.html
- https://www.kb.cert.org/vuls/id/144389
- http://erlang.org/pipermail/erlang-questions/2017-November/094257.html
Affected packages
Git / github.com/erlang/otp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/erlang/otp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "18.3.4.7" }, { "introduced": "0" }, { "last_affected": "19.3.6.4" }, { "introduced": "0" }, { "last_affected": "20.1.7" } ] }
Affected versions
OTP-17.*
OTP-17.0
OTP-18.*
OTP-18.0
OTP-18.0-rc1
OTP-18.1
OTP-18.2.1
OTP-18.3.1
OTP-18.3.2
OTP-18.3.3
OTP-18.3.4
OTP-18.3.4.1
OTP-18.3.4.2
OTP-18.3.4.3
OTP-18.3.4.4
OTP-18.3.4.5
OTP-18.3.4.6
OTP-18.3.4.7
OTP-19.*
OTP-19.0
OTP-19.0-rc1
OTP-19.0-rc2
OTP-19.1
OTP-19.2
OTP-19.3
OTP-19.3.1
OTP-19.3.2
OTP-19.3.3
OTP-19.3.4
OTP-19.3.5
OTP-19.3.6
OTP-19.3.6.1
OTP-19.3.6.2
OTP-19.3.6.3
OTP-19.3.6.4
OTP-20.*
OTP-20.0
OTP-20.0-rc1
OTP-20.0-rc2
OTP-20.1
OTP-20.1.1
OTP-20.1.2
OTP-20.1.3
OTP-20.1.4
OTP-20.1.5
OTP-20.1.6
OTP-20.1.7
OTP_17.*
OTP_17.0-rc1
OTP_17.0-rc2
Other
OTP_R13B03
OTP_R13B04
OTP_R14A
OTP_R14B
OTP_R14B01
OTP_R14B02
OTP_R14B03
OTP_R15A
OTP_R15B
OTP_R16A_RELEASE_CANDIDATE
OTP_R16B