Showing content from https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc below:

KEX init error results with excessive memory usage · Advisory · erlang/otp · GitHub

Impact

A maliciously formed KEX init message can result in high memory usage.
The implementation does not verify the RFC-specified limit on algorithm names (64 characters) provided in a KEX init message.

A large KEX init packet may lead to inefficient processing of the error data. As a result, a large amount of memory is allocated while processing the malicious data.
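As an added defensive illustration (not code from erlang/otp or the advisory): a parser for the SSH name-list fields that a KEX init message carries, enforcing the RFC 4251 64-character limit on every algorithm name, plus an assumed overall per-list cap, before the payload is split, so an oversized list is rejected with bounded work and memory. The sample lists are constructed here.

```python
from __future__ import annotations
import struct

# RFC 4251, section 6: algorithm names are printable US-ASCII, non-empty,
# and at most 64 characters. A KEXINIT (RFC 4253) carries ten such name-lists.
MAX_ALGO_NAME_LEN = 64


class NameListError(ValueError):
    """Raised when a name-list violates the wire format or the RFC 4251 limits."""


def parse_name_list(buf: bytes, offset: int = 0, max_total: int = 4096) -> tuple[list[str], int]:
    """Parse one SSH name-list (uint32 length + comma-separated names).

    Returns (names, new_offset). Every limit is checked before the payload is
    split or copied, so a hostile list is rejected with bounded effort.
    """
    if len(buf) - offset < 4:
        raise NameListError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    offset += 4
    # Overall cap on one list: an assumed application limit, not from the RFC.
    if length > max_total:
        raise NameListError(f"name-list of {length} bytes exceeds cap {max_total}")
    if len(buf) - offset < length:
        raise NameListError("truncated name-list payload")
    raw = buf[offset:offset + length]
    # Printable US-ASCII excluding space and control characters.
    if not all(0x21 <= b <= 0x7E for b in raw):
        raise NameListError("non-printable or non-ASCII byte in name-list")
    names = raw.decode("ascii").split(",") if length else []
    for name in names:
        if not name:
            raise NameListError("empty algorithm name")
        if len(name) > MAX_ALGO_NAME_LEN:
            raise NameListError(f"algorithm name of {len(name)} chars exceeds RFC 4251 limit")
    return names, offset + length


def name_list_is_valid(buf: bytes) -> bool:
    """Convenience wrapper: True if the whole name-list passes every check."""
    try:
        parse_name_list(buf)
        return True
    except NameListError:
        return False


def encode_name_list(names: list[str]) -> bytes:
    """Build a name-list in SSH wire format (used only to construct samples)."""
    payload = ",".join(names).encode("ascii")
    return struct.pack(">I", len(payload)) + payload


# Constructed samples: a well-formed kex_algorithms list, one with a name over
# the 64-character limit, and a length field that claims far more than exists.
GOOD_LIST = encode_name_list(["curve25519-sha256", "diffie-hellman-group14-sha256"])
OVERLONG_NAME_LIST = encode_name_list(["a" * 65])
BOGUS_LENGTH_LIST = struct.pack(">I", 1 << 31) + b"x"
```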

Workarounds

Affected/Unaffected Versions

A version greater than or equal to one of the listed patched versions is unaffected. Otherwise, a version that satisfies an expression listed under affected versions is affected; if it satisfies none of them, it is unaffected.

The documentation of the new OTP version scheme describes how versions should be compared. Note that versions used prior to OTP 17.0, when the new OTP version scheme was introduced, are never listed since it is not well defined how to compare those versions.

In the case of this vulnerability, versions prior to OTP 17.0 are likely also affected.

References

n/a

