X.509 Certificate Validation Issue in Erlang/OTP SSL Application by Erlang
CVE-2020-35733
7.5 HIGH
What is CVE-2020-35733?
An issue has been identified in Erlang/OTP prior to version 23.2.2: the ssl application, version 10.2, improperly accepts and trusts invalid X.509 certificate chains that lead to a trusted root Certification Authority. Because certificate verification is what authenticates the peer in SSL/TLS, an attacker who exploits the flawed verification could potentially compromise the confidentiality and authenticity of data transmitted over connections that are assumed to be secure.
