Intel

AIKIDO-2026-563172

erlang is vulnerable to Race Condition (TOCTOU)

Race Condition (TOCTOU)CVE-2026-55950 Published 5 days ago

87

High Risk

This Affects:

OSerlang
25.3.0 - 27.3.4.13
Fixed in 27.3.4.14
28.0.0 - 28.5.0.2
Fixed in 28.5.0.3
29.0.0 - 29.0.2
Fixed in 29.0.3
Are you affected? Scan for Free

TL;DR

Affected versions of Erlang/OTP contain a race condition in the shared DTLS packet demultiplexer that allows a remote attacker to crash the process by sending rapid ClientHello messages from the same source address and port. Because the demultiplexer is shared across all DTLS sessions on a listener, a successful attack terminates all active connections, resulting in a pre-authentication denial-of-service (DoS).

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

erlang is vulnerable to Race Condition (TOCTOU) in versions 25.3.0 - 27.3.4.13, 28.0.0 - 28.5.0.2 and 29.0.0 - 29.0.2.

How to fix this

Upgrade the erlang library to the patch version.