Stack-based buffer overflow in otp - CVE-2026-49759
Published: July 2, 2026
otp
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to stack-based buffer overflow in SCTP error cause parsing in inet_drv.c when processing a crafted SCTP ERROR chunk. A remote attacker can send a specially crafted SCTP ERROR chunk after establishing an SCTP association to cause a denial of service.
Systems are affected only when SCTP support is enabled, a listening SCTP socket is opened via gen_sctp with the default inet backend, and the listening port is reachable from the attacker's network.