CVE-2025-26618— SSH SFTP packet size not verified properly in Erlang OTP
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-26618
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SSH SFTP packet size not verified properly in Erlang OTP
Source: NVD (National Vulnerability Database)
Vulnerability Description
Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet size is not verified properly for SFTP packets. As a result when multiple SSH packets (conforming to max SSH packet size) are received by ssh, they might be combined into an SFTP packet which will exceed the max allowed packet size and potentially cause large amount of memory to be allocated. Note that situation described above can only happen for successfully authenticated users after completing the SSH handshake. This issue has been patched in OTP versions 27.2.4, 26.2.5.9, and 25.3.2.18. There are no known workarounds for this vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未经控制的内存分配
Source: NVD (National Vulnerability Database)
Vulnerability Title
Erlang/OTP 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Erlang/OTP是Erlang/OTP开源的一个JavaScript编写的处理处理异常的库。该库可以捕捉node.js内置API引发的异常。 Erlang/OTP 存在安全漏洞,该漏洞源于未正确验证SFTP数据包大小,会导致大量内存被分配。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-26618
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-26618
请登录查看更多情报信息。
- SSH SFTP packet size not verified properly · Advisory · erlang/otp · GitHubx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2025-26618
IV. Related Vulnerabilities
Same product: otp
- CVE-2026-32147
SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT - CVE-2026-28808
ScriptAlias CGI targets bypass directory auth in inets httpd - CVE-2026-32144
OCSP designated-responder authorization bypass via missing s - CVE-2026-28810
Predictable DNS Transaction IDs Enable Cache Poisoning in Bu - CVE-2026-23943
Pre-auth SSH DoS via unbounded zlib inflate
Same vendor: erlang
- CVE-2026-32147
SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT - CVE-2026-28808
ScriptAlias CGI targets bypass directory auth in inets httpd - CVE-2026-32144
OCSP designated-responder authorization bypass via missing s - CVE-2026-28810
Predictable DNS Transaction IDs Enable Cache Poisoning in Bu - CVE-2026-23943
Pre-auth SSH DoS via unbounded zlib inflate
Same weakness: CWE-789
- CVE-2021-47973
Sticky Notes Widget 3.0.6 Denial of Service via Buffer Overf - CVE-2021-47972
Sticky Notes & Color Widgets 1.4.2 Denial of Service - CVE-2021-47971
My Notes Safe 5.3 Denial of Service via Buffer Overflow - CVE-2021-47970
Macaron Notes 5.5 Denial of Service via Buffer Overflow - CVE-2021-47969
Color Notes 1.4 Denial of Service via Long Character String
V. Comments for CVE-2025-26618
No comments yet