AZL-67115

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67115.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-67115

Upstream

CVE-2025-48038

Published

2025-09-11T09:15:33Z

Modified

2026-04-01T05:21:07.712750Z

Summary

CVE-2025-48038 affecting package erlang for versions less than 26.2.5.15-1

Details

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (sshsftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl.

This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-48038

Affected packages

Azure Linux:3 / erlang

Package

Name: erlang
Purl: pkg:rpm/azure-linux/erlang

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

26.2.5.15-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67115.json"