USN-7443-2

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-7443-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7443-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-7443-2
Upstream
Related
Published
2025-04-23T11:35:02.390070Z
Modified
2025-10-13T04:41:01Z
Summary
erlang vulnerability
Details

USN-7443-1 fixed a vulnerability in Erlang. This update provides the corresponding update for Ubuntu 25.04.

Original advisory details:

Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, and Jörg Schwenk discovered that Erlang OTP’s SSH module incorrect handled authentication. A remote attacker could use this issue to execute arbitrary commands without authentication, possibly leading to a system compromise.

References

Affected packages

Ubuntu:25.04 / erlang

Package

Name
erlang
Purl
pkg:deb/ubuntu/erlang@1:27.3+dfsg-1ubuntu1.1?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:27.3+dfsg-1ubuntu1.1

Affected versions

1:25.*

1:25.3.2.12+dfsg-1ubuntu2

1:27.*

1:27.2+dfsg-2
1:27.2.1+dfsg-1
1:27.2.1+dfsg-2
1:27.2.2+dfsg-1
1:27.2.3+dfsg-1
1:27.2.4+dfsg-1
1:27.3+dfsg-1
1:27.3+dfsg-1ubuntu1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-asn1"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-base"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-common-test"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-crypto"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-debugger"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-dev"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-dialyzer"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-diameter"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-edoc"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-eldap"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-et"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-eunit"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-examples"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-ftp"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-inets"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-jinterface"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-megaco"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-mnesia"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-mode"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-nox"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-observer"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-odbc"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-os-mon"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-parsetools"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-public-key"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-reltool"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-runtime-tools"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-snmp"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-src"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-ssh"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-ssl"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-syntax-tools"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-tftp"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-tools"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-wx"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-x11"
        },
        {
            "binary_version": "1:27.3+dfsg-1ubuntu1.1",
            "binary_name": "erlang-xmerl"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:25.04",
    "cves": [
        {
            "id": "CVE-2025-32433",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "high",
                    "type": "Ubuntu"
                }
            ]
        }
    ]
}