CVE-2025-26618

{"id": "CVE-2025-26618", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-02-20T19:15:11.953", "references": [{"url": "https://github.com/erlang/otp/commit/0ed2573cbd55c92e9125c9dc70fa1ca7fed82872", "source": "security-advisories@github.com"}, {"url": "https://github.com/erlang/otp/security/advisories/GHSA-78cv-45vx-q6fr", "source": "security-advisories@github.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://erlang.org/download/OTP-27.2.4.README.md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-789"}]}], "descriptions": [{"lang": "en", "value": "Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet size is not verified properly for SFTP packets. As a result when multiple SSH packets (conforming to max SSH packet size) are received by ssh, they might be combined into an SFTP packet which will exceed the max allowed packet size and potentially cause large amount of memory to be allocated. Note that situation described above can only happen for successfully authenticated users after completing the SSH handshake. This issue has been patched in OTP versions 27.2.4, 26.2.5.9, and 25.3.2.18. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Erlang es un lenguaje de programaci\u00f3n y un sistema de ejecuci\u00f3n para crear sistemas de tiempo real flexibles y escalables de forma masiva con requisitos de alta disponibilidad. OTP es un conjunto de bibliotecas de Erlang, que consta del sistema de ejecuci\u00f3n de Erlang, una serie de componentes listos para usar escritos principalmente en Erlang. El tama\u00f1o de los paquetes no se verifica correctamente para los paquetes SFTP. Como resultado, cuando se reciben varios paquetes SSH (que se ajustan al tama\u00f1o m\u00e1ximo de paquete SSH) por ssh, es posible que se combinen en un paquete SFTP que superar\u00e1 el tama\u00f1o m\u00e1ximo de paquete permitido y potencialmente provocar\u00e1 que se asigne una gran cantidad de memoria. Tenga en cuenta que la situaci\u00f3n descrita anteriormente solo puede ocurrir para usuarios autenticados correctamente despu\u00e9s de completar el protocolo de enlace SSH. Este problema se ha corregido en las versiones 27.2.4, 26.2.5.9 y 25.3.2.18 de OTP. No se conocen workarounds para esta vulnerabilidad."}], "lastModified": "2025-11-03T20:18:01.563", "sourceIdentifier": "security-advisories@github.com"}