Main Vulnerability Database Vulnerabilities #VU106951

#VU106951 Uncontrolled memory allocation in otp - CVE-2025-26618

Published: April 3, 2025

Vulnerability identifier: #VU106951

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-26618

CWE-ID: CWE-789

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
otp

Software vendor:
erlang

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of SFTP packets. A remote attacker can send multiple SFTP packets to the application and consume large amount of memory, resulting in a denial of service.

Remediation

Install updates from vendor's website.

External links

https://erlang.org/download/OTP-27.2.4.README.md
https://github.com/erlang/otp/commit/0ed2573cbd55c92e9125c9dc70fa1ca7fed82872
https://github.com/erlang/otp/security/advisories/GHSA-78cv-45vx-q6fr

#VU106951 Uncontrolled memory allocation in otp - CVE-2025-26618

Description

Remediation

External links

Please verify you're human