| Package | erlang |
|---|---|
| Version | 19.2.1+dfsg-2+really23.3.4.18-0+deb9u4 (stretch), 1:22.2.7+dfsg-1+deb10u3 (buster) |
| Related CVEs | CVE-2025-32433 |
A remote code execution vulnerability was discovered in the Erlang/OTP implementation of the SSH protocol.
-
CVE-2025-32433
A SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials.
For Debian 10 buster, these problems have been fixed in version 1:22.2.7+dfsg-1+deb10u3.
For Debian 9 stretch, these problems have been fixed in version 19.2.1+dfsg-2+really23.3.4.18-0+deb9u4.
We recommend that you upgrade your erlang packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.