PT-2022-6747 · Ericsson+6 · Erlang/Otp+6

Published 2022-06-17 · Updated 2025-11-18 · CVE-2022-37026

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Erlang/OTP versions prior to 23.3.4.15
Erlang/OTP versions 24.x prior to 24.3.4.2
Erlang/OTP versions 25.x prior to 25.0.2

Description

The issue is related to a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability is associated with deficiencies in the authentication procedure.

Recommendations

For Erlang/OTP versions prior to 23.3.4.15, update to version 23.3.4.15 or later.
For Erlang/OTP versions 24.x prior to 24.3.4.2, update to version 24.3.4.2 or later.
For Erlang/OTP versions 25.x prior to 25.0.2, update to version 25.0.2 or later.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

ALT-PU-2022-2944
ALT-PU-2022-3187
ALT-PU-2024-9499
BDU:2023-03852
CVE-2022-37026
DLA-3491-1
MGASA-2022-0450
OESA-2023-1912
OESA-2023-1941
OESA-2023-1942
OPENSUSE-SU-2022_4215-1
OPENSUSE-SU-2023_3401-1
OPENSUSE-SU-2024:12416-1
OPENSUSE-SU-2025:15740-1
RHSA-2022:8857
SUSE-SU-2022:4215-1
SUSE-SU-2022:4222-1
SUSE-SU-2022_4215-1
SUSE-SU-2022_4222-1
SUSE-SU-2023:3401-1
SUSE-SU-2023:3409-1
SUSE-SU-2023:4109-1
SUSE-SU-2023_3401-1
SUSE-SU-2023_3409-1
SUSE-SU-2023_4109-1
USN-6059-1

Affected Products

Alt Linux
Astra Linux
Erlang/Otp
Linuxmint
Red Os
Suse
Ubuntu