Vulnerability in Erlang Otp
CVE-2026-55952
The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tls_handshake_1_3…
Affected products
- Erlang Otp — versions 9.5, 22.2, 339a279f02ce38a7b23010e56000613e19abb21f
Weakness classification (CWE)
References
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (x_version-scheme)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)