PT-2021-7691 · Ericsson+2 · Erlang/Otp+2
Published: 2021-01-15 · Updated: 2025-11-18
CVE-2020-35733
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Erlang/OTP versions prior to 23.2.2
Description
An issue was discovered in the ssl application, which accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. This could allow a remote attacker to gain access to confidential data due to errors in the certificate authentication procedure.
Recommendations
For versions prior to 23.2.2, update to version 23.2.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ssl application version 10.2 until a patch is available. Avoid trusting certificate chains that are not properly validated to minimize the risk of exploitation.
Fix
Improper Certificate Validation
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Erlang/Otp