Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Debian 11: Advisories for Erlang Resource Leak & Critical Path Issues

debian lts
Calendar Grey November 24, 2025
Dist Debian Esm H88
Multiple vulnerabilities in Erlang fixed with critical security updates in Debian. Upgrade now to protect your system!
Multiple vulnerabilities were fixed in Erlang an concurrent, real-time, distributed functional language

Summary

CVE-2025-4748

Improper Limitation of a Pathname to a Restricted Directory ('Path
Traversal') vulnerability in Erlang OTP (stdlib modules) allows
Absolute Path Traversal, File Manipulation. This vulnerability is
associated with program files lib/stdlib/src/zip.erl and program
routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2
unless the memory option is passed.

CVE-2025-48038, CVE-2025-48039, CVE-2025-48041

Allocation of Resources Without Limits or Throttling vulnerability
in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation,
Resource Leak Exposure, Flooding. These vulnerabilities are
associated with program files lib/ssh/src/ssh_sftpd.erl.

For Debian 11 bullseye, these problems have been fixed in version
1:23.2.6+dfsg-1+deb11u3.

We recommend that you upgrade your erlang packages.

For the detailed security status of erlang please refer to
its security tracker page at:

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

Package: erlang
Version: 1:23.2.6+dfsg-1+deb11u3
CVE ID: CVE-2025-4748 CVE-2025-48038 CVE-2025-48039 CVE-2025-48041
Debian Bug:

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here