SB2026041027 - openEuler 24.03 LTS SP1 update for erlang
Published: April 10, 2026
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2026-23941)
The vulnerability allows a remote attacker to smuggle HTTP requests.
The vulnerability exists due to inconsistent interpretation of HTTP requests in inets httpd Content-Length parsing when processing requests with duplicate Content-Length headers that contain different values. A remote attacker can send a specially crafted request to smuggle HTTP requests.
Exploitation requires httpd to be deployed behind a reverse proxy, load balancer, or CDN that uses a different Content-Length resolution strategy, typically with persistent connections enabled.
2) Path traversal (CVE-ID: CVE-2026-23942)
The vulnerability allows a remote user to access files outside the configured root directory.
The vulnerability exists due to path traversal in ssh_sftpd when validating file paths using string prefix matching for the root option. A remote user can request paths in sibling directories that share a common name prefix to access files outside the configured root directory.
The issue applies only when the root option is configured under the assumption that it provides complete directory isolation.
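The prefix-matching flaw described above, as an added illustration that is not the bulletin's or Erlang/OTP's own code: the naive check is a constructed stand-in for the pattern the advisory describes, the hardened check normalises the path and requires a separator after the root, and the audit helper flags requests that only the naive check would admit. Root and request paths are constructed sample values.

```python
import posixpath

def naive_is_inside(root: str, path: str) -> bool:
    """The weak check: plain string-prefix matching (constructed to mirror
    the pattern described for CVE-2026-23942, not the ssh_sftpd source)."""
    return path.startswith(root)

def strict_is_inside(root: str, path: str) -> bool:
    """Hardened check: normalise both sides, then require that the path is
    either the root itself or begins with root followed by a separator."""
    root_n = posixpath.normpath(root)
    path_n = posixpath.normpath(path)
    if not path_n.startswith("/"):
        return False  # only absolute, normalised paths are accepted
    if root_n == "/":
        return True   # everything is under the filesystem root
    return path_n == root_n or path_n.startswith(root_n + "/")

def find_escapes(root: str, requested: list[str]) -> list[str]:
    """Audit helper: paths the naive check would have admitted but the
    strict check rejects, i.e. candidate root escapes in a request log."""
    return [p for p in requested
            if naive_is_inside(root, p) and not strict_is_inside(root, p)]

# Constructed sample of requested paths, as an SFTP server might log them.
SAMPLE_ROOT = "/srv/sftp/alice"
SAMPLE_REQUESTS = [
    "/srv/sftp/alice/docs/report.txt",      # legitimate, inside the root
    "/srv/sftp/alice",                      # the root itself
    "/srv/sftp/alice2/keys/id_ed25519",     # sibling dir sharing the prefix
    "/srv/sftp/alice/../bob/private.txt",   # dot-dot after a good prefix
    "/srv/sftp/alice_backup/dump.sql",      # another prefix-sharing sibling
]

if __name__ == "__main__":
    for p in find_escapes(SAMPLE_ROOT, SAMPLE_REQUESTS):
        print("would escape root under prefix matching:", p)
```

The strict check only reasons about path strings; symbolic links inside the root still need to be resolved (for example with realpath) before the comparison, which this offline example does not do.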
3) Improper handling of highly compressed data (CVE-ID: CVE-2026-23943)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper handling of highly compressed data in ssh compression handling when decompressing crafted compressed packets. A remote attacker can send compressed packets that expand to excessive sizes when decompressed to cause a denial of service.
The zlib algorithm enables unauthenticated attacks after key exchange, while zlib@openssh.com enables attacks after authentication. When parallel_login=true, memory consumption can reach multiple gigabytes.
Remediation
Install the update from the vendor's website.