Home > Vulnerability Database > CVE-2024-53846

Mend.io Vulnerability Database

CVE-2024-53846

Date: December 5, 2024

OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa).

Language: ERLANG

Severity Score

5.5

Related Resources (3)

Url: https://github.com/erlang/otp/security/advisories/GHSA-qw6r-qh9v-638v

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-53846

Url: https://www.mend.io/vulnerability-database/CVE-2024-53846

Severity Score

5.5

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-53846

Date: December 5, 2024

Language: ERLANG

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?