CVE-2022-37026
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-37026
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37026.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-37026
- Downstream
- Related
- Published
- 2022-09-21T14:15:11.223Z
- Modified
- 2025-11-20T12:08:57.227739Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
- References
Affected packages
Git / github.com/erlang/otp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/erlang/otp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
OTP-17.*
OTP-17.0
OTP-17.0.1
OTP-17.0.2
OTP-17.1
OTP-17.1.1
OTP-17.1.2
OTP-17.2
OTP-17.2.1
OTP-17.2.2
OTP-17.3
OTP-17.3.1
OTP-17.3.2
OTP-17.3.3
OTP-17.3.4
OTP-17.4
OTP-17.4.1
OTP-17.5
OTP-17.5.1
OTP-17.5.2
OTP-17.5.3
OTP-17.5.4
OTP-17.5.5
OTP-17.5.6
OTP-17.5.6.1
OTP-17.5.6.10
OTP-17.5.6.2
OTP-17.5.6.3
OTP-17.5.6.4
OTP-17.5.6.5
OTP-17.5.6.6
OTP-17.5.6.7
OTP-17.5.6.8
OTP-17.5.6.9
OTP-18.*
OTP-18.0
OTP-18.0-rc1
OTP-18.0-rc2
OTP-18.0.1
OTP-18.0.2
OTP-18.0.3
OTP-18.1
OTP-18.1.1
OTP-18.1.2
OTP-18.1.3
OTP-18.1.4
OTP-18.1.5
OTP-18.2
OTP-18.2.1
OTP-18.2.2
OTP-18.2.3
OTP-18.2.4
OTP-18.2.4.0.1
OTP-18.2.4.1
OTP-18.3
OTP-18.3.1
OTP-18.3.2
OTP-18.3.3
OTP-18.3.4
OTP-18.3.4.1
OTP-18.3.4.1.1
OTP-18.3.4.10
OTP-18.3.4.11
OTP-18.3.4.2
OTP-18.3.4.3
OTP-18.3.4.4
OTP-18.3.4.5
OTP-18.3.4.6
OTP-18.3.4.7
OTP-18.3.4.8
OTP-18.3.4.9
OTP-19.*
OTP-19.0
OTP-19.0-rc1
OTP-19.0-rc2
OTP-19.0.1
OTP-19.0.2
OTP-19.0.3
OTP-19.0.4
OTP-19.0.5
OTP-19.0.6
OTP-19.0.7
OTP-19.1
OTP-19.1.1
OTP-19.1.2
OTP-19.1.3
OTP-19.1.4
OTP-19.1.5
OTP-19.1.6
OTP-19.1.6.1
OTP-19.2
OTP-19.2.1
OTP-19.2.2
OTP-19.2.3
OTP-19.2.3.1
OTP-19.3
OTP-19.3.1
OTP-19.3.2
OTP-19.3.3
OTP-19.3.4
OTP-19.3.5
OTP-19.3.6
OTP-19.3.6.1
OTP-19.3.6.10
OTP-19.3.6.11
OTP-19.3.6.12
OTP-19.3.6.13
OTP-19.3.6.2
OTP-19.3.6.3
OTP-19.3.6.4
OTP-19.3.6.5
OTP-19.3.6.6
OTP-19.3.6.7
OTP-19.3.6.8
OTP-19.3.6.9
OTP-20.*
OTP-20.0
OTP-20.0-rc1
OTP-20.0-rc2
OTP-20.0.1
OTP-20.0.2
OTP-20.0.3
OTP-20.0.4
OTP-20.0.5
OTP-20.1
OTP-20.1.1
OTP-20.1.2
OTP-20.1.3
OTP-20.1.4
OTP-20.1.5
OTP-20.1.6
OTP-20.1.7
OTP-20.1.7.1
OTP-20.2
OTP-20.2.0.1
OTP-20.2.1
OTP-20.2.2
OTP-20.2.3
OTP-20.2.4
OTP-20.3
OTP-20.3.1
OTP-20.3.2
OTP-20.3.2.1
OTP-20.3.3
OTP-20.3.4
OTP-20.3.5
OTP-20.3.6
OTP-20.3.7
OTP-20.3.8
OTP-20.3.8.1
OTP-20.3.8.10
OTP-20.3.8.11
OTP-20.3.8.12
OTP-20.3.8.13
OTP-20.3.8.14
OTP-20.3.8.15
OTP-20.3.8.16
OTP-20.3.8.17
OTP-20.3.8.18
OTP-20.3.8.19
OTP-20.3.8.2
OTP-20.3.8.20
OTP-20.3.8.21
OTP-20.3.8.22
OTP-20.3.8.23
OTP-20.3.8.24
OTP-20.3.8.25
OTP-20.3.8.26
OTP-20.3.8.3
OTP-20.3.8.4
OTP-20.3.8.5
OTP-20.3.8.6
OTP-20.3.8.7
OTP-20.3.8.8
OTP-20.3.8.9
OTP-21.*
OTP-21.0
OTP-21.0-rc1
OTP-21.0-rc2
OTP-21.0.1
OTP-21.0.2
OTP-21.0.3
OTP-21.0.4
OTP-21.0.5
OTP-21.0.6
OTP-21.0.7
OTP-21.0.8
OTP-21.0.9
OTP-21.1
OTP-21.1.1
OTP-21.1.2
OTP-21.1.3
OTP-21.1.4
OTP-21.2
OTP-21.2.1
OTP-21.2.2
OTP-21.2.3
OTP-21.2.4
OTP-21.2.5
OTP-21.2.6
OTP-21.2.7
OTP-21.3
OTP-21.3.1
OTP-21.3.2
OTP-21.3.3
OTP-21.3.4
OTP-21.3.5
OTP-21.3.6
OTP-21.3.7
OTP-21.3.7.1
OTP-21.3.8
OTP-21.3.8.1
OTP-21.3.8.10
OTP-21.3.8.11
OTP-21.3.8.12
OTP-21.3.8.13
OTP-21.3.8.14
OTP-21.3.8.15
OTP-21.3.8.16
OTP-21.3.8.17
OTP-21.3.8.18
OTP-21.3.8.19
OTP-21.3.8.2
OTP-21.3.8.20
OTP-21.3.8.21
OTP-21.3.8.3
OTP-21.3.8.4
OTP-21.3.8.5
OTP-21.3.8.6
OTP-21.3.8.7
OTP-21.3.8.8
OTP-21.3.8.9
OTP-22.*
OTP-22.0
OTP-22.0-rc1
OTP-22.0-rc2
OTP-22.0-rc3
OTP-22.0.1
OTP-22.0.2
OTP-22.0.3
OTP-22.0.4
OTP-22.0.5
OTP-22.0.6
OTP-22.0.7
OTP-22.1
OTP-22.1.1
OTP-22.1.2
OTP-22.1.3
OTP-22.1.4
OTP-22.1.5
OTP-22.1.6
OTP-22.1.7
OTP-22.1.8
OTP-22.1.8.1
OTP-22.2
OTP-22.2.1
OTP-22.2.2
OTP-22.2.3
OTP-22.2.4
OTP-22.2.5
OTP-22.2.6
OTP-22.2.7
OTP-22.2.8
OTP-22.3
OTP-22.3.1
OTP-22.3.2
OTP-22.3.3
OTP-22.3.4
OTP-22.3.4.1
OTP-22.3.4.10
OTP-22.3.4.11
OTP-22.3.4.12
OTP-22.3.4.13
OTP-22.3.4.14
OTP-22.3.4.15
OTP-22.3.4.16
OTP-22.3.4.2
OTP-22.3.4.3
OTP-22.3.4.4
OTP-22.3.4.5
OTP-22.3.4.6
OTP-22.3.4.7
OTP-22.3.4.8
OTP-22.3.4.9
OTP-23.*
OTP-23.0
OTP-23.0-rc1
OTP-23.0-rc2
OTP-23.0-rc3
OTP-23.0.1
OTP-23.0.2
OTP-23.0.3
OTP-23.0.4
OTP-23.1
OTP-23.1.1
OTP-23.1.2
OTP-23.1.3
OTP-23.1.4
OTP-23.1.5
OTP-23.2
OTP-23.2.1
OTP-23.2.2
OTP-23.2.3
OTP-23.2.4
OTP-23.2.5
OTP-23.2.6
OTP-23.2.7
OTP-23.3
OTP-23.3.1
OTP-23.3.2
OTP-23.3.3
OTP-23.3.4
OTP-23.3.4.1
OTP-23.3.4.10
OTP-23.3.4.11
OTP-23.3.4.12
OTP-23.3.4.13
OTP-23.3.4.14
OTP-23.3.4.2
OTP-23.3.4.3
OTP-23.3.4.4
OTP-23.3.4.5
OTP-23.3.4.6
OTP-23.3.4.7
OTP-23.3.4.8
OTP-23.3.4.9
OTP_17.*
OTP_17.0-rc1
OTP_17.0-rc2
Other
OTP_R13B03
OTP_R13B04
OTP_R14A
OTP_R14B
OTP_R14B01
OTP_R14B02
OTP_R14B03
OTP_R14B04
OTP_R15A
OTP_R15B
OTP_R15B01
OTP_R15B02
OTP_R15B03
OTP_R15B03-1
OTP_R16A_RELEASE_CANDIDATE
OTP_R16B
OTP_R16B01
OTP_R16B01_RC1
OTP_R16B02
OTP_R16B03
OTP_R16B03-1
OTP_R16B03_yielding_binary_to_term
R16B02_yielding_binary_to_term