{"id":"OESA-2026-1028","summary":"erlang security update","details":"Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson.\r\n\r\nSecurity Fix(es):\n\nAllocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.\n\nThis issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.(CVE-2025-48039)\n\nUncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.\n\nThis issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 
5.1.4.12.(CVE-2025-48040)","modified":"2026-01-09T14:30:04.360615Z","published":"2026-01-09T14:06:14Z","upstream":["CVE-2025-48039","CVE-2025-48040"],"database_specific":{"severity":"Medium"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1028"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48039"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48040"}],"affected":[{"package":{"name":"erlang","ecosystem":"openEuler:24.03-LTS-SP2","purl":"pkg:rpm/openEuler/erlang&distro=openEuler-24.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"25.3.2.6-11.oe2403sp2"}]}],"ecosystem_specific":{"aarch64":["erlang-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-asn1-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-common_test-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-compiler-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-crypto-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-debugger-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-debuginfo-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-debugsource-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-dialyzer-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-diameter-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-edoc-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-eldap-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-erl_docgen-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-erl_interface-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-erts-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-et-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-eunit-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-examples-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-ftp-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-inets-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-jinterface-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-kernel-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-megaco-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-mnesia-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-observer-25.3.2.6-11.oe240
3sp2.aarch64.rpm","erlang-odbc-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-os_mon-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-parsetools-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-public_key-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-reltool-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-runtime_tools-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-sasl-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-snmp-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-src-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-ssh-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-ssl-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-stdlib-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-syntax_tools-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-tftp-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-tools-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-wx-25.3.2.6-11.oe2403sp2.aarch64.rpm","erlang-xmerl-25.3.2.6-11.oe2403sp2.aarch64.rpm"],"x86_64":["erlang-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-asn1-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-common_test-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-compiler-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-crypto-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-debugger-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-debuginfo-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-debugsource-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-dialyzer-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-diameter-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-edoc-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-eldap-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-erl_docgen-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-erl_interface-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-erts-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-et-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-eunit-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-examples-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-ftp-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-inets-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-jinterface-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-kernel-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-megaco-25.3.2.6-11.oe
2403sp2.x86_64.rpm","erlang-mnesia-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-observer-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-odbc-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-os_mon-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-parsetools-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-public_key-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-reltool-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-runtime_tools-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-sasl-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-snmp-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-src-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-ssh-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-ssl-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-stdlib-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-syntax_tools-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-tftp-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-tools-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-wx-25.3.2.6-11.oe2403sp2.x86_64.rpm","erlang-xmerl-25.3.2.6-11.oe2403sp2.x86_64.rpm"],"src":["erlang-25.3.2.6-11.oe2403sp2.src.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2026-1028.json"}}],"schema_version":"1.7.3"}