Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2025-30211, CVE-2025-32433 |
CWE-ID | CWE-789, CWE-306 |
Exploitation vector | Network |
Public exploit | Vulnerability #2 is being exploited in the wild. |
Vulnerable software | Operating systems: Server Applications Module, SUSE Linux Enterprise Real Time 15, openSUSE Leap, SUSE Linux Enterprise Server for SAP Applications 15, SUSE Linux Enterprise Server 15. Operating system packages or components: erlang26, erlang26-debuginfo, erlang26-debugsource, erlang26-doc, erlang26-src, erlang26-debugger, erlang26-debugger-src, erlang26-dialyzer, erlang26-dialyzer-debuginfo, erlang26-dialyzer-src, erlang26-diameter, erlang26-diameter-src, erlang26-epmd, erlang26-epmd-debuginfo, erlang26-et, erlang26-et-src, erlang26-jinterface, erlang26-jinterface-src, erlang26-observer, erlang26-observer-src, erlang26-reltool, erlang26-reltool-src, erlang26-wx, erlang26-wx-debuginfo, erlang26-wx-src |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU106381
Risk: High
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-30211
CWE-ID: CWE-789 - Uncontrolled Memory Allocation
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the implementation does not verify the RFC-specified limits on algorithm names supplied in the key exchange init (KEX init) message. A remote attacker can cause a denial of service (DoS) condition on the target system.
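As an added illustration of the kind of check this bug class calls for (this is not Erlang/OTP's code or its patch): a bounded parser for the name-lists in an SSH KEX init message that validates the advertised length before copying anything and enforces the RFC 4251 per-name limits. The 35000-byte list cap is an assumption derived from the RFC 4253 maximum packet size; the function and exception names are constructed.

```python
import struct
# RFC 4251 s.6: algorithm names are printable US-ASCII without comma or whitespace
# and MUST NOT exceed 64 characters. RFC 4253 s.6.1 only obliges peers to handle
# packets up to 35000 bytes, so a name-list claiming more is never legitimate.
MAX_NAME_LEN = 64
MAX_NAMELIST_LEN = 35000  # assumption: cap derived from the RFC 4253 packet bound
SSH_MSG_KEXINIT = 20

class KexInitError(ValueError):
    pass

def read_name_list(buf: bytes, offset: int = 0) -> tuple[list[str], int]:
    """Decode one SSH name-list (uint32 length + comma-separated names).
    The advertised length is checked against the cap and the bytes actually
    present *before* anything is copied, so a hostile length field cannot
    drive a large allocation (CWE-789). Returns (names, offset after list)."""
    if len(buf) - offset < 4:
        raise KexInitError("truncated name-list length")
    (n,) = struct.unpack_from(">I", buf, offset)
    if n > MAX_NAMELIST_LEN:
        raise KexInitError(f"name-list length {n} exceeds cap {MAX_NAMELIST_LEN}")
    if len(buf) - offset - 4 < n:
        raise KexInitError("name-list length exceeds remaining data")
    names = buf[offset + 4:offset + 4 + n].split(b",") if n else []
    for nm in names:
        if not 0 < len(nm) <= MAX_NAME_LEN:
            raise KexInitError(f"bad name length {len(nm)}")
        if any(c < 0x21 or c > 0x7E for c in nm):  # control char or whitespace
            raise KexInitError("name contains non-printable or whitespace byte")
    return [nm.decode("ascii") for nm in names], offset + 4 + n

def parse_kexinit(payload: bytes) -> list[list[str]]:
    """Parse the ten name-lists of an SSH_MSG_KEXINIT payload (RFC 4253 s.7.1)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise KexInitError("not a KEXINIT payload")
    off, lists = 17, []  # skip the 1-byte message id and the 16-byte cookie
    for _ in range(10):
        names, off = read_name_list(payload, off)
        lists.append(names)
    return lists

def encode_name_list(names: list[str]) -> bytes:
    body = ",".join(names).encode("ascii")
    return struct.pack(">I", len(body)) + body

def check(buf: bytes, parser=read_name_list) -> str:
    try:  # 'ok' or the rejection reason; convenient for logging and tests
        parser(buf)
        return "ok"
    except KexInitError as exc:
        return str(exc)
```

Rejections happen on the length field alone, so a peer cannot make the server allocate anything proportional to a number it chose.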
Mitigation: Update the affected package erlang26 to the latest version.
Vulnerable software versions:
Server Applications Module: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.3 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
erlang26-reltool: before 26.2.1-150300.7.11.1
erlang26-observer-src: before 26.2.1-150300.7.11.1
erlang26-wx-src: before 26.2.1-150300.7.11.1
erlang26-epmd: before 26.2.1-150300.7.11.1
erlang26-wx: before 26.2.1-150300.7.11.1
erlang26: before 26.2.1-150300.7.11.1
erlang26-et-src: before 26.2.1-150300.7.11.1
erlang26-et: before 26.2.1-150300.7.11.1
erlang26-debugsource: before 26.2.1-150300.7.11.1
erlang26-debugger-src: before 26.2.1-150300.7.11.1
erlang26-wx-debuginfo: before 26.2.1-150300.7.11.1
erlang26-dialyzer-src: before 26.2.1-150300.7.11.1
erlang26-debuginfo: before 26.2.1-150300.7.11.1
erlang26-observer: before 26.2.1-150300.7.11.1
erlang26-dialyzer: before 26.2.1-150300.7.11.1
erlang26-epmd-debuginfo: before 26.2.1-150300.7.11.1
erlang26-dialyzer-debuginfo: before 26.2.1-150300.7.11.1
erlang26-reltool-src: before 26.2.1-150300.7.11.1
erlang26-doc: before 26.2.1-150300.7.11.1
erlang26-jinterface-src: before 26.2.1-150300.7.11.1
erlang26-diameter: before 26.2.1-150300.7.11.1
erlang26-src: before 26.2.1-150300.7.11.1
erlang26-diameter-src: before 26.2.1-150300.7.11.1
erlang26-jinterface: before 26.2.1-150300.7.11.1
erlang26-debugger: before 26.2.1-150300.7.11.1
Reference: https://www.suse.com/support/update/announcement/2025/suse-su-20251356-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU107594
Risk: Critical
CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2025-32433
CWE-ID: CWE-306 - Missing Authentication for Critical Function
Exploit availability: Yes
Description: The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to missing authentication in the Erlang/OTP SSH server. A remote, non-authenticated attacker can send specially crafted messages to the server and execute arbitrary code on the system.
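CWE-306 in an SSH server means that a message which should only be reachable after user authentication is dispatched to its handler without it. The following is an added example, not Erlang/OTP's implementation or its fix, of a per-connection gate that refuses connection-protocol messages (channel opens and channel requests) until the server's own credential check has marked the session authenticated, and records every decision for detection. Message numbers are those assigned by RFC 4251/4254; the class, phase and method names are constructed.

```python
from enum import Enum, auto
# SSH message numbers (RFC 4251 s.7): 1-49 transport and key exchange,
# 50-79 user authentication, 80-127 connection protocol (channels, requests).
SSH_MSG_NEWKEYS = 21
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_SUCCESS = 52  # sent by the server only, never accepted from a peer
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_REQUEST = 98
USERAUTH_MIN, CONNECTION_MIN = 50, 80

class Phase(Enum):
    KEX = auto()        # negotiating keys; nothing is encrypted yet
    AUTH = auto()       # keys in place, no user authenticated
    CONNECTED = auto()  # the server has sent SSH_MSG_USERAUTH_SUCCESS
    CLOSED = auto()

class SshServerGate:
    """Per-connection gate (constructed): decides whether an incoming message may
    reach its handler. The invariant that closes CWE-306 is one check: nothing
    in the connection-protocol range is dispatched unless phase is CONNECTED."""
    def __init__(self) -> None:
        self.phase = Phase.KEX
        self.audit: list[str] = []  # one line per decision, useful for detection

    def _verdict(self, verdict: str, msg: int, close: bool = False) -> str:
        self.audit.append(f"phase={self.phase.name} msg={msg} verdict={verdict}")
        if close:
            self.phase = Phase.CLOSED  # protocol violation: tear the session down
        return verdict

    def admit(self, msg: int) -> str:
        if self.phase is Phase.CLOSED:
            return self._verdict("reject:closed", msg)
        if msg == SSH_MSG_USERAUTH_SUCCESS:
            return self._verdict("reject:client-sent-userauth-success", msg, close=True)
        if msg >= CONNECTION_MIN and self.phase is not Phase.CONNECTED:
            return self._verdict("reject:connection-protocol-before-auth", msg, close=True)
        if USERAUTH_MIN <= msg < CONNECTION_MIN:
            if self.phase is Phase.KEX:
                return self._verdict("reject:userauth-before-newkeys", msg, close=True)
            if self.phase is Phase.CONNECTED:  # RFC 4252 s.5.1: ignore after success
                return self._verdict("ignore:already-authenticated", msg)
        if msg == SSH_MSG_NEWKEYS and self.phase is Phase.KEX:
            self.phase = Phase.AUTH
        return self._verdict("dispatch", msg)

    def mark_authenticated(self) -> None:
        """Called by the server's own credential check, never driven by a peer message."""
        if self.phase is Phase.AUTH:
            self.phase = Phase.CONNECTED
```

A `reject:connection-protocol-before-auth` entry in the audit trail is the signal a detection rule would key on: a peer that opens channels before any authentication exchange completed.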
Mitigation: Update the affected package erlang26 to the latest version.
Vulnerable software versions:
Server Applications Module: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.3 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
erlang26-reltool: before 26.2.1-150300.7.11.1
erlang26-observer-src: before 26.2.1-150300.7.11.1
erlang26-wx-src: before 26.2.1-150300.7.11.1
erlang26-epmd: before 26.2.1-150300.7.11.1
erlang26-wx: before 26.2.1-150300.7.11.1
erlang26: before 26.2.1-150300.7.11.1
erlang26-et-src: before 26.2.1-150300.7.11.1
erlang26-et: before 26.2.1-150300.7.11.1
erlang26-debugsource: before 26.2.1-150300.7.11.1
erlang26-debugger-src: before 26.2.1-150300.7.11.1
erlang26-wx-debuginfo: before 26.2.1-150300.7.11.1
erlang26-dialyzer-src: before 26.2.1-150300.7.11.1
erlang26-debuginfo: before 26.2.1-150300.7.11.1
erlang26-observer: before 26.2.1-150300.7.11.1
erlang26-dialyzer: before 26.2.1-150300.7.11.1
erlang26-epmd-debuginfo: before 26.2.1-150300.7.11.1
erlang26-dialyzer-debuginfo: before 26.2.1-150300.7.11.1
erlang26-reltool-src: before 26.2.1-150300.7.11.1
erlang26-doc: before 26.2.1-150300.7.11.1
erlang26-jinterface-src: before 26.2.1-150300.7.11.1
erlang26-diameter: before 26.2.1-150300.7.11.1
erlang26-src: before 26.2.1-150300.7.11.1
erlang26-diameter-src: before 26.2.1-150300.7.11.1
erlang26-jinterface: before 26.2.1-150300.7.11.1
erlang26-debugger: before 26.2.1-150300.7.11.1
Reference: https://www.suse.com/support/update/announcement/2025/suse-su-20251356-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.