{"schema_version":"1.7.2","id":"OESA-2026-1031","modified":"2026-01-09T14:06:20Z","published":"2026-01-09T14:06:20Z","upstream":["CVE-2025-48038","CVE-2025-48039","CVE-2025-48041"],"summary":"erlang security update","details":"Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson.\r\n\r\nSecurity Fix(es):\n\nAllocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.\n\nThis issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12. (CVE-2025-48038)\n\nAllocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.\n\nThis issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12. (CVE-2025-48039)\n\nAllocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. 
This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.\n\nThis issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12. (CVE-2025-48041)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"erlang","purl":"pkg:rpm/openEuler/erlang&distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"23.3.4.9-8.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["erlang-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-asn1-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-common_test-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-compiler-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-crypto-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-debugger-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-debuginfo-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-debugsource-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-dialyzer-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-diameter-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-edoc-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-eldap-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-erl_docgen-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-erl_interface-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-erts-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-et-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-eunit-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-examples-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-ftp-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-hipe-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-inets-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-jinterface-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-kernel-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-megaco-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-mnesia-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-observer-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-odbc-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-os_mon-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-parsetools-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-public_key-23.3.4.9-8.oe2203sp4.a
arch64.rpm","erlang-reltool-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-runtime_tools-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-sasl-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-snmp-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-ssh-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-ssl-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-stdlib-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-syntax_tools-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-tftp-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-tools-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-wx-23.3.4.9-8.oe2203sp4.aarch64.rpm","erlang-xmerl-23.3.4.9-8.oe2203sp4.aarch64.rpm"],"src":["erlang-23.3.4.9-8.oe2203sp4.src.rpm"],"x86_64":["erlang-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-asn1-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-common_test-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-compiler-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-crypto-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-debugger-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-debuginfo-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-debugsource-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-dialyzer-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-diameter-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-edoc-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-eldap-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-erl_docgen-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-erl_interface-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-erts-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-et-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-eunit-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-examples-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-ftp-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-hipe-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-inets-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-jinterface-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-kernel-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-megaco-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-mnesia-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-observer-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-odbc-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-os_mon-23.3.4.9-8.oe2203sp4.x8
6_64.rpm","erlang-parsetools-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-public_key-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-reltool-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-runtime_tools-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-sasl-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-snmp-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-ssh-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-ssl-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-stdlib-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-syntax_tools-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-tftp-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-tools-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-wx-23.3.4.9-8.oe2203sp4.x86_64.rpm","erlang-xmerl-23.3.4.9-8.oe2203sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1031"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48038"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48039"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48041"}],"database_specific":{"severity":"Medium"}}
