CVE-XXXX-0002

Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS

Previous Page: « Back to all CVEs Next Page: See on OSV.dev »

Summary

Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS

Vulnerability description

In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.

References

• https://github.com/erlef/oidcc/security/advisories/GHSA-mj35-2rgf-cv8p
• https://github.com/erlef/oidcc/commit/2f304d877c7e0613d6fd952d7feacbf40dbc355c
• https://github.com/erlef/oidcc/commit/48171fb62688fb4eec1ead0884aa501e0aa68649
• [debian-lts-announce] 20230711 [SECURITY] [DLA 3491-1] erlang security update

Affected

GitHub: erlang/otp

• affected 0

CVE can also be requested as a JSON: GET /cves/cve-xxxx-0002.json