
CVE-2015-2774

Published: 07 April 2016

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).

Priority

Low

CVSS 3 base score: 5.9

Status

Package: erlang (Launchpad, Ubuntu, Debian)
Upstream: Released (1:17.3-dfsg-4)
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (1:18.3-dfsg-1ubuntu3)
Ubuntu 14.04 ESM (Trusty Tahr): Released (1:16.b.3-dfsg-1ubuntu2.2)
Patches:
Upstream: https://github.com/erlang/otp/commit/e53c55dd0ab69982bc511396ccf8655d27c6d38c