Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Debian LTS DLA-4590-1 Addresses Multiple Security Vulnerabilities in Erlang

debian lts
Calendar Grey May 18, 2026
Dist Debian Esm H88
Explore the Debian LTS DLA-4590-1 advisory detailing multiple issues in Erlang including request smuggling and denial of service.
Multiple vulnerabilities were discoverd in Erlang, a concurrent, real-time, distributed functional language

Summary

CVE-2026-21620

Insufficient path sanitizing in tftp_file module.

CVE-2026-23941

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
vulnerability in Erlang OTP (inets httpd module) allows HTTP Request
Smuggling.

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory ('Path
Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path
Traversal.

CVE-2026-23943

Improper Handling of Highly Compressed Data (Compression Bomb)
vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of
Service via Resource Depletion.

For Debian 11 bullseye, these problems have been fixed in version
1:23.2.6+dfsg-1+deb11u4.

We recommend that you upgrade your erlang packages.

For the detailed security status of erlang please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/erlang

Further information about Debian LTS security advisories, how to apply

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Package: erlang
Version: 1:23.2.6+dfsg-1+deb11u4
CVE ID: CVE-2026-21620 CVE-2026-23941 CVE-2026-23942 CVE-2026-23943
Debian Bug: 1128651 1130912

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here