Intel

AIKIDO-2026-600274

erlang is vulnerable to Improper Validation of Specified Quantity in Input

Improper Validation of Specified Quantity in InputCVE-2026-55952 Published 5 days ago

82

High Risk

This Affects:

OSerlang
22.2.0 - 27.3.4.13
Fixed in 27.3.4.14
28.0.0 - 28.5.0.2
Fixed in 28.5.0.3
29.0.0 - 29.0.2
Fixed in 29.0.3
Are you affected? Scan for Free

TL;DR

Affected versions of Erlang/OTP are vulnerable to a denial-of-service (DoS) issue where a malformed TLS 1.3 ClientHello can crash the session ticket handler process. An unauthenticated attacker can disrupt TLS 1.3 by preventing session ticket issuance, causing new TLS 1.3 connections to fail until the affected listeners or the ssl application are restarted. TLS 1.2 is not affected.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

erlang is vulnerable to Improper Validation of Specified Quantity in Input in versions 22.2.0 - 27.3.4.13, 28.0.0 - 28.5.0.2 and 29.0.0 - 29.0.2.

How to fix this

Upgrade the erlang library to the patch version.