PT-2026-55272 · Unknown+1 · Erlang/Otp+1

Dan Gudmundsson +2 · Published 2026-07-02 · Updated 2026-07-02 · CVE-2026-55952

CVSS v4.0: 8.2 High

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Erlang/OTP versions 22.2 through 29.0.2
Erlang/OTP version 28.5.0.3
Erlang/OTP version 27.3.4.14
ssl versions 9.5 through 11.7.2
ssl version 11.6.0.3
ssl version 11.2.12.10

Description

The ssl application fails to validate that the PSK identity list and binder list in a TLS 1.3 ClientHello pre-shared key extension have equal length. In the function handle_pre_shared_key/3, an OfferedPreSharedKeys record with mismatched lengths is passed to use/4, causing the session ticket handler process to crash. An unauthenticated remote attacker can send a crafted ClientHello to a TLS 1.3 server with session tickets enabled to disrupt session ticket handling. While new TLS 1.3 handshakes may complete, they crash when the server attempts to issue a session ticket, rendering TLS 1.3 unusable on the listener until the application is restarted. TLS 1.2 connections are not affected.

Recommendations

Update Erlang/OTP to version 29.0.3 or later.
Update Erlang/OTP to a version newer than 28.5.0.3.
Update Erlang/OTP to a version newer than 27.3.4.14.
Update ssl to version 11.7.3 or later.
Update ssl to a version newer than 11.6.0.3.
Update ssl to a version newer than 11.2.12.10.
Disable session tickets on TLS 1.3 servers by setting session_tickets to disabled in the server's ssl options.
Restrict the server to TLS 1.2 by setting versions to ['tlsv1.2'] in the server's ssl options.
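
A triage helper for the version ranges and workarounds listed above, added here as an example and not code from Erlang/OTP or from this advisory. The module and function names are hypothetical, and treating 11.6.0.N and 11.2.12.N as maintenance-branch patch versions is an assumption.

```erlang
%% Added example, not OTP code. Module and function names are hypothetical.
-module(psk_binder_triage).
-export([affected/1, running_ssl/0, mitigate/2]).

%% "11.6.0.3" -> [11,6,0,3]. Assumes purely numeric dotted versions.
parse(Vsn) ->
    [list_to_integer(P) || P <- string:split(Vsn, ".", all)].

%% True if an ssl application version is listed as affected on this page.
%% Assumption: 11.6.0.N and 11.2.12.N are maintenance-branch patches, so
%% on those branches only builds newer than 11.6.0.3 / 11.2.12.10 are fixed.
%% Everything else is compared against the 9.5 .. 11.7.2 range.
affected(Vsn) ->
    case parse(Vsn) of
        [11, 6, 0, N]  -> N =< 3;
        [11, 2, 12, N] -> N =< 10;
        V              -> V >= [9, 5] andalso V =< [11, 7, 2]
    end.

%% Version of the ssl application on the node where this is evaluated,
%% e.g. psk_binder_triage:running_ssl() from a remote shell.
running_ssl() ->
    _ = application:load(ssl),
    {ok, Vsn} = application:get_key(ssl, vsn),
    {Vsn, affected(Vsn)}.

%% Apply one of the page's two workarounds to a server option list
%% before it is passed to ssl:listen/2 or ssl:handshake/2,3.
mitigate(no_tickets, Opts) ->
    lists:keystore(session_tickets, 1, Opts, {session_tickets, disabled});
mitigate(tls12_only, Opts0) ->
    %% session_tickets is a TLS 1.3 option, so drop it when TLS 1.3 is off.
    Opts = lists:keydelete(session_tickets, 1, Opts0),
    lists:keystore(versions, 1, Opts, {versions, ['tlsv1.2']}).
```

Either workaround only takes effect on listeners started with the new options. If the session ticket handler has already crashed, the description above says an application restart is needed.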

Fix


Weakness Enumeration

Related Identifiers

CVE-2026-55952
GHSA-8C57-44C9-PC59

Affected Products

Erlang/Otp
Ssl