SFTP Packet Size Vulnerability in Erlang's OTP Runtime System
CVE-2025-26618

7 HIGH

Key Information:

Vendor: Erlang

Status: Vendor

CVE Published: 20 February 2025

What is CVE-2025-26618?

Erlang's OTP runtime system has a packet size handling vulnerability in its SSH/SFTP implementation that an authenticated user can trigger. When several SSH packets are processed together, their contents may be incorrectly combined into a single SFTP packet whose resulting size exceeds the maximum allowed SFTP packet size. Because the oversized packet is still accepted, the server allocates excessive memory for it, which can lead to denial of service for the affected application. The issue can only be reached after the SSH handshake has completed and the user has successfully authenticated. No workarounds are available, so affected deployments should update to a patched version.
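The defect class described above is an SFTP length field that is honoured without being checked against the allowed ceiling before memory is reserved for the body. The following added example (illustration only, not Erlang/OTP's own ssh_sftpd code) reassembles SFTP packets from SSH channel data that may arrive split across several SSH packets or several to one SSH packet, and rejects a declared length above the limit before any buffer is grown for it; the `MAX_SFTP_PACKET` value is an assumed placeholder, not the limit OTP uses.

```python
import struct

# SFTP framing: uint32 length, then `length` bytes of payload (type byte + fields).
# Assumed ceiling for this illustration; the real limit in OTP is not stated here.
MAX_SFTP_PACKET = 34000


class OversizedPacket(Exception):
    """Raised when a declared SFTP length exceeds the allowed ceiling."""


class SftpReassembler:
    """Rebuilds SFTP packets from SSH channel-data payloads.

    One SFTP packet may span several SSH packets, and one SSH packet may carry
    several SFTP packets; both cases are handled by buffering between calls.
    """

    def __init__(self, max_size=MAX_SFTP_PACKET):
        self.max_size = max_size
        self.buf = b""

    def feed(self, ssh_payload):
        """Append one SSH payload; return the SFTP packets it completes.

        The declared length is validated as soon as the 4-byte header is
        available, before the buffer is grown to hold the body, so a hostile
        length field cannot drive a large allocation.
        """
        self.buf += ssh_payload
        packets = []
        while len(self.buf) >= 4:
            (length,) = struct.unpack("!I", self.buf[:4])
            if length > self.max_size:
                self.buf = b""  # discard state; the caller should close the channel
                raise OversizedPacket(f"declared {length} > {self.max_size}")
            if len(self.buf) < 4 + length:
                break  # wait for the remainder of this packet
            packets.append(self.buf[4:4 + length])
            self.buf = self.buf[4 + length:]
        return packets


def process(chunks, max_size=MAX_SFTP_PACKET):
    """Feed constructed SSH payloads in order; return (completed packets, error or None)."""
    reassembler = SftpReassembler(max_size)
    out = []
    for chunk in chunks:
        try:
            out.extend(reassembler.feed(chunk))
        except OversizedPacket as exc:
            return out, str(exc)
    return out, None
```

With constructed input, a 9-byte SSH_FXP_INIT-style packet split across two SSH payloads is reassembled normally, two such packets in one payload yield two results, and a header claiming a 2 GiB body is rejected before anything is buffered for it.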

Affected Version(s)

otp >= OTP-27.0.0, < OTP-27.2.4

otp >= OTP-26.0.0.0, < OTP-26.2.5.9

otp < OTP-25.3.2.18

References

CVSS V4

Score: 7

Severity: HIGH

Confidentiality: None

Integrity: None

Availability: High

Attack Vector: Network

Attack Complexity: High

Attack Requirements: None

Privileges Required: Undefined

User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
