OESA-2026-1030

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1030

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2026-1030.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2026-1030

Upstream

CVE-2025-48038

CVE-2025-48039

CVE-2025-48041

Published

2026-01-09T14:06:17Z

Modified

2026-01-09T14:30:07.723291Z

Summary

erlang security update

Details

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson.

Security Fix(es):

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (sshsftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl.

This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.(CVE-2025-48038)

This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.(CVE-2025-48039)

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (sshsftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl.

This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.(CVE-2025-48041)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:22.03-LTS-SP3 / erlang

Package

Name: erlang
Purl: pkg:rpm/openEuler/erlang&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

23.3.4.9-8.oe2203sp3

Ecosystem specific

{
    "src": [
        "erlang-23.3.4.9-8.oe2203sp3.src.rpm"
    ],
    "aarch64": [
        "erlang-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-asn1-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-common_test-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-compiler-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-crypto-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-debugger-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-debuginfo-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-debugsource-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-dialyzer-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-diameter-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-edoc-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-eldap-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-erl_docgen-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-erl_interface-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-erts-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-et-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-eunit-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-examples-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-ftp-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-hipe-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-inets-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-jinterface-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-kernel-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-megaco-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-mnesia-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-observer-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-odbc-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-os_mon-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-parsetools-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-public_key-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-reltool-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-runtime_tools-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-sasl-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-snmp-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-ssh-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-ssl-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-stdlib-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-syntax_tools-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-tftp-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-tools-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-wx-23.3.4.9-8.oe2203sp3.aarch64.rpm",
        "erlang-xmerl-23.3.4.9-8.oe2203sp3.aarch64.rpm"
    ],
    "x86_64": [
        "erlang-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-asn1-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-common_test-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-compiler-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-crypto-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-debugger-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-debuginfo-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-debugsource-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-dialyzer-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-diameter-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-edoc-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-eldap-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-erl_docgen-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-erl_interface-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-erts-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-et-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-eunit-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-examples-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-ftp-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-hipe-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-inets-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-jinterface-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-kernel-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-megaco-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-mnesia-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-observer-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-odbc-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-os_mon-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-parsetools-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-public_key-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-reltool-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-runtime_tools-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-sasl-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-snmp-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-ssh-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-ssl-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-stdlib-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-syntax_tools-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-tftp-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-tools-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-wx-23.3.4.9-8.oe2203sp3.x86_64.rpm",
        "erlang-xmerl-23.3.4.9-8.oe2203sp3.x86_64.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2026-1030.json"