OESA-2026-1029
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1029
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2026-1029.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2026-1029
- Upstream
- Published
- 2026-01-09T14:06:15Z
- Modified
- 2026-01-09T14:30:06.785361Z
- Summary
- erlang security update
- Details
-
Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson.
Security Fix(es):
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (sshsftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl.
This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.(CVE-2025-48039)
Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (sshsftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl.
This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.(CVE-2025-48040)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:24.03-LTS-SP3 / erlang
Package
- Name
- erlang
- Purl
- pkg:rpm/openEuler/erlang&distro=openEuler-24.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed25.3.2.6-11.oe2403sp3
Ecosystem specific
{
"src": [
"erlang-25.3.2.6-11.oe2403sp3.src.rpm"
],
"aarch64": [
"erlang-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-asn1-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-common_test-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-compiler-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-crypto-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-debugger-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-debuginfo-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-debugsource-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-dialyzer-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-diameter-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-edoc-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-eldap-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-erl_docgen-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-erl_interface-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-erts-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-et-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-eunit-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-examples-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-ftp-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-inets-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-jinterface-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-kernel-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-megaco-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-mnesia-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-observer-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-odbc-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-os_mon-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-parsetools-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-public_key-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-reltool-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-runtime_tools-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-sasl-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-snmp-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-src-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-ssh-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-ssl-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-stdlib-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-syntax_tools-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-tftp-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-tools-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-wx-25.3.2.6-11.oe2403sp3.aarch64.rpm",
"erlang-xmerl-25.3.2.6-11.oe2403sp3.aarch64.rpm"
],
"x86_64": [
"erlang-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-asn1-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-common_test-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-compiler-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-crypto-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-debugger-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-debuginfo-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-debugsource-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-dialyzer-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-diameter-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-edoc-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-eldap-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-erl_docgen-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-erl_interface-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-erts-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-et-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-eunit-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-examples-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-ftp-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-inets-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-jinterface-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-kernel-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-megaco-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-mnesia-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-observer-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-odbc-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-os_mon-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-parsetools-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-public_key-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-reltool-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-runtime_tools-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-sasl-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-snmp-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-src-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-ssh-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-ssl-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-stdlib-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-syntax_tools-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-tftp-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-tools-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-wx-25.3.2.6-11.oe2403sp3.x86_64.rpm",
"erlang-xmerl-25.3.2.6-11.oe2403sp3.x86_64.rpm"
]
}