CVE-2024-53846 Information

Description

OTP is a set of Erlang libraries which consists of the Erlang runtime system a number of ready-to-use components mainly written in Erlang and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8 OTP-26.2 and OTP-27.0 resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e. a server will verify a client if they have server auth ext key usage and vice versa).

Reference

https://github.com/erlang/otp/security/advisories/GHSA-qw6r-qh9v-638v