| Release | Version |
|---|---|
| bullseye | 1:23.2.6+dfsg-1+deb11u1 |
| bullseye (security) | 1:23.2.6+dfsg-1+deb11u2 |
| bookworm | 1:25.2.3+dfsg-1+deb12u3 |
| bookworm (security) | 1:25.2.3+dfsg-1+deb12u1 |
| trixie | 1:27.3.4.1+dfsg-1 |
| forky | 1:27.3.4.1+dfsg-1 |
| sid | 1:27.3.4.3+dfsg-1 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2025-48041 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | fixed | Allocation of Resources Without Limits or Throttling vulnerability in ... |
| CVE-2025-48040 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | fixed | Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh ... |
| CVE-2025-48039 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | fixed | Allocation of Resources Without Limits or Throttling vulnerability in ... |
| CVE-2025-48038 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | fixed | Allocation of Resources Without Limits or Throttling vulnerability in ... |
| CVE-2025-46712 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | Erlang/OTP is a set of libraries for the Erlang programming language. ... |
| CVE-2025-4748 | vulnerable | fixed | fixed | fixed | fixed | Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ... |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2016-1000107 | vulnerable | vulnerable | vulnerable | vulnerable | fixed | inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1 ... |
| CVE-2009-0130 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | lib/crypto/c_src/crypto_drv.c in erlang does not properly check the re ... |
| Bug | Description |
|---|---|
| CVE-2025-32433 | Erlang/OTP is a set of libraries for the Erlang programming language. ... |
| CVE-2025-30211 | Erlang/OTP is a set of libraries for the Erlang programming language. ... |
| CVE-2025-26618 | Erlang is a programming language and runtime system for building massi ... |
| CVE-2024-53846 | OTP is a set of Erlang libraries, which consists of the Erlang runtime ... |
| CVE-2023-48795 | The SSH transport protocol with certain OpenSSH extensions, found in O ... |
| CVE-2022-37026 | In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before ... |
| CVE-2021-29221 | A local privilege escalation vulnerability was discovered in Erlang/OT ... |
| CVE-2020-35733 | An issue was discovered in Erlang/OTP before 23.2.2. The ssl applicati ... |
| CVE-2020-25623 | Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Director ... |
| CVE-2020-12872 | yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ... |
| CVE-2017-1000385 | The Erlang otp TLS server answers with different TLS alerts to differe ... |
| CVE-2016-10253 | An issue was discovered in Erlang/OTP 18.x. Erlang's generation of com ... |
| CVE-2015-2774 | Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes w ... |
| CVE-2014-3566 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ... |
| CVE-2014-1693 | Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OT ... |
| CVE-2011-3389 | The SSL protocol, as used in certain configurations in Microsoft Windo ... |
| CVE-2011-0766 | The random number generator in the Crypto application before 2.0.2.2, ... |
| DSA / DLA | Description |
|---|---|
| DLA-4132-1 | erlang - security update |
| DSA-5906-1 | erlang - security update |
| DLA-3491-1 | erlang - security update |
| DLA-1207-1 | erlang - security update |
| DSA-4057-1 | erlang - security update |