OESA-2026-1666

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1666

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2026-1666.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2026-1666

Upstream

CVE-2026-23941

CVE-2026-23942

CVE-2026-23943

Published

2026-03-20T14:24:54Z

Modified

2026-03-20T14:30:53.857328Z

Summary

erlang security update

Details

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson.

Security Fix(es):

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling.

This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7.

The server does not reject or normalize duplicate Content-Length headers. The earliest Content-Length in the request is used for body parsing while common reverse proxies (nginx, Apache httpd, Envoy) honor the last Content-Length value. This violates RFC 9112 Section 6.3 and allows front-end/back-end desynchronization, leaving attacker-controlled bytes queued as the start of the next request.

This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to inets from 5.10 until 9.6.1, 9.3.2.3 and 9.1.0.5.(CVE-2026-23941)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal.

This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2.

The SFTP server uses string prefix matching via lists:prefix/2 rather than proper path component validation when checking if a path is within the configured root directory. This allows authenticated users to access sibling directories that share a common name prefix with the configured root directory. For example, if root is set to /home/user1, paths like /home/user10 or /home/user1_backup would incorrectly be considered within the root.

This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.(CVE-2026-23942)

Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion.

The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication without any size limit, enabling reliable memory exhaustion DoS.

Two compression algorithms are affected:

zlib: Activates immediately after key exchange, enabling unauthenticated attacks
(CVE-2026-23943)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:24.03-LTS-SP3 / erlang

Package

Name: erlang
Purl: pkg:rpm/openEuler/erlang&distro=openEuler-24.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

25.3.2.6-13.oe2403sp3

Ecosystem specific

{
    "aarch64": [
        "erlang-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-asn1-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-common_test-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-compiler-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-crypto-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-debugger-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-debuginfo-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-debugsource-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-dialyzer-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-diameter-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-edoc-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-eldap-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-erl_docgen-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-erl_interface-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-erts-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-et-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-eunit-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-examples-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-ftp-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-inets-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-jinterface-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-kernel-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-megaco-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-mnesia-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-observer-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-odbc-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-os_mon-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-parsetools-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-public_key-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-reltool-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-runtime_tools-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-sasl-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-snmp-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-src-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-ssh-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-ssl-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-stdlib-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-syntax_tools-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-tftp-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-tools-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-wx-25.3.2.6-13.oe2403sp3.aarch64.rpm",
        "erlang-xmerl-25.3.2.6-13.oe2403sp3.aarch64.rpm"
    ],
    "x86_64": [
        "erlang-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-asn1-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-common_test-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-compiler-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-crypto-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-debugger-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-debuginfo-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-debugsource-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-dialyzer-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-diameter-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-edoc-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-eldap-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-erl_docgen-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-erl_interface-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-erts-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-et-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-eunit-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-examples-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-ftp-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-inets-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-jinterface-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-kernel-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-megaco-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-mnesia-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-observer-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-odbc-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-os_mon-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-parsetools-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-public_key-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-reltool-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-runtime_tools-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-sasl-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-snmp-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-src-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-ssh-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-ssl-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-stdlib-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-syntax_tools-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-tftp-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-tools-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-wx-25.3.2.6-13.oe2403sp3.x86_64.rpm",
        "erlang-xmerl-25.3.2.6-13.oe2403sp3.x86_64.rpm"
    ],
    "src": [
        "erlang-25.3.2.6-13.oe2403sp3.src.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2026-1666.json"