FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-10-07 06:25:02 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
e4833927-86e5-11e0-a6b4-000a5e1e33c6	Erlang -- ssh library uses a weak random number generator US-CERT reports: The Erlang/OTP ssh library implements a number of cryptographic operations that depend on cryptographically strong random numbers. Unfortunately the RNG used by the library is not cryptographically strong, and is further weakened by the use of predictable seed material. The RNG (Wichman-Hill) is not mixed with an entropy source. Discovery 2011-05-25 Entry 2011-05-25 erlang < r14b03 CVE-2011-0766 http://www.erlang.org/download/otp_src_R14B03.readme https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5
06269ae8-1e0d-11f0-ad0b-b42e991fc52e	Erlang -- Erlang/OTP SSH Vulnerable to Pre-Authentication RCE security-advisories@github.com reports: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules. Discovery 2025-04-16 Entry 2025-04-20 erlang < 26.2.5.11 erlang-runtime21 < 25.3.2.20 erlang-runtime22 < 25.3.2.20 erlang-runtime23 < 25.3.2.20 erlang-runtime24 < 25.3.2.20 erlang-runtime25 < 25.3.2.20 erlang-runtime26 < 26.2.5.11 erlang-runtime27 < 27.3.3 CVE-2025-32433 https://nvd.nist.gov/vuln/detail/CVE-2025-32433

VuXML ID

Description

e4833927-86e5-11e0-a6b4-000a5e1e33c6

Erlang -- ssh library uses a weak random number generator

US-CERT reports:

The Erlang/OTP ssh library implements a number of cryptographic operations that depend on cryptographically strong random numbers. Unfortunately the RNG used by the library is not cryptographically strong, and is further weakened by the use of predictable seed material. The RNG (Wichman-Hill) is not mixed with an entropy source.

Discovery 2011-05-25
Entry 2011-05-25
erlang

< r14b03

CVE-2011-0766
http://www.erlang.org/download/otp_src_R14B03.readme
https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5

06269ae8-1e0d-11f0-ad0b-b42e991fc52e

Erlang -- Erlang/OTP SSH Vulnerable to Pre-Authentication RCE

security-advisories@github.com reports:

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

Discovery 2025-04-16
Entry 2025-04-20
erlang

< 26.2.5.11

erlang-runtime21

< 25.3.2.20

erlang-runtime22

< 25.3.2.20

erlang-runtime23

< 25.3.2.20

erlang-runtime24

< 25.3.2.20

erlang-runtime25

< 25.3.2.20

erlang-runtime26

< 26.2.5.11

erlang-runtime27

< 27.3.3

CVE-2025-32433
https://nvd.nist.gov/vuln/detail/CVE-2025-32433