{"id":"AZL-54051","summary":"CVE-2024-53846 affecting package erlang for versions less than 26.2.5.6-1","details":"OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa).","modified":"2026-04-21T04:35:27.212931Z","published":"2024-12-05T17:15:14Z","upstream":["CVE-2024-53846"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53846"}],"affected":[{"package":{"name":"erlang","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/erlang"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"26.2.5.6-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54051.json"}}],"schema_version":"1.7.5"}