PT-2026-55269 · Unknown+1 · Erlang/Otp+1
Dan Gudmundsson
+1
·
Published
2026-07-02
·
Updated
2026-07-02
·
CVE-2026-54887
CVSS v4.0
6.3
Medium
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Erlang/OTP versions 20.0 through 29.0.2
Erlang/OTP versions 28.0 through 28.5.0.2
Erlang/OTP versions 27.0 through 27.3.4.13
ssl versions 8.2 through 11.7.2
ssl versions 11.6.0 through 11.6.0.2
ssl versions 11.2.0 through 11.2.12.9
Description
Use of a default cryptographic key in the DTLS server allows for predictable DTLS cookie computation during the startup window, which enables the bypass of source address verification. Upon server startup, the function
dtls server connection:initial hello/3 initializes the previous cookie secret variable to an empty binary instead of a random value. Since HMAC with an empty key is deterministic, an attacker observing the plaintext ClientHello can compute the dtls handshake:cookie() and forge a valid DTLS cookie before the first secret rotation occurs (typically within 0 to 15 seconds). This allows for DTLS handshake amplification using spoofed source addresses, bypassing the denial-of-service mitigation intended to prevent spoofed IPs from forcing the server to allocate state and perform expensive cryptographic operations.Recommendations
Update Erlang/OTP to version 29.0.3, 28.5.0.3, or 27.3.4.14.
Update ssl to version 11.7.3, 11.6.0.3, or 11.2.12.10.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Erlang/Otp
Ssl