PT-2026-55272 · Unknown+1 · Erlang/Otp+1
Dan Gudmundsson
+2
·
Published
2026-07-02
·
Updated
2026-07-02
·
CVE-2026-55952
CVSS v4.0
8.2
High
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Erlang/OTP versions 22.2 through 29.0.2
Erlang/OTP version 28.5.0.3
Erlang/OTP version 27.3.4.14
ssl versions 9.5 through 11.7.2
ssl version 11.6.0.3
ssl version 11.2.12.10
Description
The ssl application fails to validate that the PSK identity list and binder list in a TLS 1.3 ClientHello pre-shared key extension have equal length. In the function
handle pre shared key/3, an OfferedPreSharedKeys record with mismatched lengths is passed to use/4, causing the session ticket handler process to crash. An unauthenticated remote attacker can send a crafted ClientHello to a TLS 1.3 server with session tickets enabled to disrupt session ticket handling. While new TLS 1.3 handshakes may complete, they crash when the server attempts to issue a session ticket, rendering TLS 1.3 unusable on the listener until the application is restarted. TLS 1.2 connections are not affected.Recommendations
Update Erlang/OTP to version 29.0.3 or later.
Update Erlang/OTP to a version newer than 28.5.0.3.
Update Erlang/OTP to a version newer than 27.3.4.14.
Update ssl to version 11.7.3 or later.
Update ssl to a version newer than 11.6.0.3.
Update ssl to a version newer than 11.2.12.10.
Disable session tickets on TLS 1.3 servers by setting
session tickets to disabled in the server's ssl options.
Restrict the server to TLS 1.2 by setting versions to ['tlsv1.2'] in the server's ssl options.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Erlang/Otp
Ssl