Ericsson · Erlang/Otp · CVE-2025-26618
**Name of the Vulnerable Software and Affected Versions**
Erlang OTP versions prior to 25.3.2.18
Erlang OTP versions prior to 26.2.5.9
Erlang OTP versions prior to 27.2.4
**Description**
The issue arises from improper verification of packet size for SFTP packets. When multiple SSH packets are received, they might be combined into an SFTP packet that exceeds the maximum allowed packet size, potentially causing a large amount of memory to be allocated. This situation can only occur for successfully authenticated users after completing the SSH handshake.
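The defensive pattern that addresses this class of bug, as an added illustration written for this page and not code from Erlang/OTP: an SFTP reassembler that validates the declared uint32 packet length against a cap before it buffers any fragments, so data spread over several SSH packets can never be accumulated into an oversized SFTP packet. The cap value, class and function names are assumptions for the example.

```python
import struct
from typing import List

# Maximum SFTP packet size this reassembler accepts. Assumed policy value for
# the example; it is not taken from OTP's implementation.
MAX_SFTP_PACKET = 256 * 1024


class SftpReassembler:
    """Rebuilds SFTP packets (4-byte big-endian length + body) from SSH
    channel data that may arrive split across several SSH packets."""

    def __init__(self, max_packet: int = MAX_SFTP_PACKET) -> None:
        self.max_packet = max_packet
        self.buf = b""

    def feed(self, chunk: bytes) -> List[bytes]:
        """Append one SSH data chunk; return every complete SFTP body."""
        self.buf += chunk
        packets = []
        while len(self.buf) >= 4:
            (length,) = struct.unpack("!I", self.buf[:4])
            # Hardened check: the declared length is validated as soon as the
            # header is visible, before any further fragments are buffered.
            if length > self.max_packet:
                raise ValueError(
                    f"SFTP packet length {length} exceeds limit {self.max_packet}")
            if len(self.buf) < 4 + length:
                break  # incomplete; wait for the next SSH packet
            packets.append(self.buf[4:4 + length])
            self.buf = self.buf[4 + length:]
        return packets


def encode_sftp_packet(body: bytes) -> bytes:
    """Frame an SFTP body with its uint32 length prefix."""
    return struct.pack("!I", len(body)) + body


def reassemble_fragments(fragments: List[bytes],
                         max_packet: int = MAX_SFTP_PACKET) -> List[bytes]:
    """Feed a sequence of SSH data chunks and collect the SFTP bodies."""
    reassembler = SftpReassembler(max_packet)
    packets: List[bytes] = []
    for fragment in fragments:
        packets.extend(reassembler.feed(fragment))
    return packets


def header_is_rejected(length_header: bytes, max_packet: int) -> bool:
    """True if the reassembler refuses this length prefix outright."""
    try:
        SftpReassembler(max_packet).feed(length_header)
        return False
    except ValueError:
        return True
```

A server that applies the check only after the whole body has arrived still allocates memory proportional to the declared length; the point is to reject on the header.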
**Recommendations**
For Erlang OTP versions prior to 25.3.2.18, update to version 25.3.2.18 or later.
For Erlang OTP versions prior to 26.2.5.9, update to version 26.2.5.9 or later.
For Erlang OTP versions prior to 27.2.4, update to version 27.2.4 or later.
As a temporary workaround, consider restricting access to the SFTP functionality until a patch is applied.