CVE-2020-35733

An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.

References

Affected packages

Git / github.com/erlang/otp

Affected ranges

Type

GIT

Repo

https://github.com/erlang/otp

Events

Introduced

Fixed

1a7dc7ad22b089a01b253432484983fd6e141103

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "23.2.2"
        }
    ]
}

Affected versions

OTP-17.*

OTP-17.0

OTP-17.0.1

OTP-17.0.2

OTP-17.1

OTP-17.1.1

OTP-17.1.2

OTP-17.2

OTP-17.2.1

OTP-17.2.2

OTP-17.3

OTP-17.3.1

OTP-17.3.2

OTP-17.3.3

OTP-17.3.4

OTP-17.4

OTP-17.4.1

OTP-17.5

OTP-17.5.1

OTP-17.5.2

OTP-17.5.3

OTP-17.5.4

OTP-17.5.5

OTP-17.5.6

OTP-17.5.6.1

OTP-17.5.6.10

OTP-17.5.6.2

OTP-17.5.6.3

OTP-17.5.6.4

OTP-17.5.6.5

OTP-17.5.6.6

OTP-17.5.6.7

OTP-17.5.6.8

OTP-17.5.6.9

OTP-18.*

OTP-18.0

OTP-18.0-rc1

OTP-18.0-rc2

OTP-18.0.1

OTP-18.0.2

OTP-18.0.3

OTP-18.1

OTP-18.1.1

OTP-18.1.2

OTP-18.1.3

OTP-18.1.4

OTP-18.1.5

OTP-18.2

OTP-18.2.1

OTP-18.2.2

OTP-18.2.3

OTP-18.2.4

OTP-18.2.4.0.1

OTP-18.2.4.1

OTP-18.3

OTP-18.3.1

OTP-18.3.2

OTP-18.3.3

OTP-18.3.4

OTP-18.3.4.1

OTP-18.3.4.1.1

OTP-18.3.4.10

OTP-18.3.4.11

OTP-18.3.4.2

OTP-18.3.4.3

OTP-18.3.4.4

OTP-18.3.4.5

OTP-18.3.4.6

OTP-18.3.4.7

OTP-18.3.4.8

OTP-18.3.4.9

OTP-19.*

OTP-19.0

OTP-19.0-rc1

OTP-19.0-rc2

OTP-19.0.1

OTP-19.0.2

OTP-19.0.3

OTP-19.0.4

OTP-19.0.5

OTP-19.0.6

OTP-19.0.7

OTP-19.1

OTP-19.1.1

OTP-19.1.2

OTP-19.1.3

OTP-19.1.4

OTP-19.1.5

OTP-19.1.6

OTP-19.1.6.1

OTP-19.2

OTP-19.2.1

OTP-19.2.2

OTP-19.2.3

OTP-19.2.3.1

OTP-19.3

OTP-19.3.1

OTP-19.3.2

OTP-19.3.3

OTP-19.3.4

OTP-19.3.5

OTP-19.3.6

OTP-19.3.6.1

OTP-19.3.6.10

OTP-19.3.6.11

OTP-19.3.6.12

OTP-19.3.6.13

OTP-19.3.6.2

OTP-19.3.6.3

OTP-19.3.6.4

OTP-19.3.6.5

OTP-19.3.6.6

OTP-19.3.6.7

OTP-19.3.6.8

OTP-19.3.6.9

OTP-20.*

OTP-20.0

OTP-20.0-rc1

OTP-20.0-rc2

OTP-20.0.1

OTP-20.0.2

OTP-20.0.3

OTP-20.0.4

OTP-20.0.5

OTP-20.1

OTP-20.1.1

OTP-20.1.2

OTP-20.1.3

OTP-20.1.4

OTP-20.1.5

OTP-20.1.6

OTP-20.1.7

OTP-20.1.7.1

OTP-20.2

OTP-20.2.0.1

OTP-20.2.1

OTP-20.2.2

OTP-20.2.3

OTP-20.2.4

OTP-20.3

OTP-20.3.1

OTP-20.3.2

OTP-20.3.2.1

OTP-20.3.3

OTP-20.3.4

OTP-20.3.5

OTP-20.3.6

OTP-20.3.7

OTP-20.3.8

OTP-20.3.8.1

OTP-20.3.8.10

OTP-20.3.8.11

OTP-20.3.8.12

OTP-20.3.8.13

OTP-20.3.8.14

OTP-20.3.8.15

OTP-20.3.8.16

OTP-20.3.8.17

OTP-20.3.8.18

OTP-20.3.8.19

OTP-20.3.8.2

OTP-20.3.8.20

OTP-20.3.8.21

OTP-20.3.8.22

OTP-20.3.8.23

OTP-20.3.8.24

OTP-20.3.8.25

OTP-20.3.8.26

OTP-20.3.8.3

OTP-20.3.8.4

OTP-20.3.8.5

OTP-20.3.8.6

OTP-20.3.8.7

OTP-20.3.8.8

OTP-20.3.8.9

OTP-21.*

OTP-21.0

OTP-21.0-rc1

OTP-21.0-rc2

OTP-21.0.1

OTP-21.0.2

OTP-21.0.3

OTP-21.0.4

OTP-21.0.5

OTP-21.0.6

OTP-21.0.7

OTP-21.0.8

OTP-21.0.9

OTP-21.1

OTP-21.1.1

OTP-21.1.2

OTP-21.1.3

OTP-21.1.4

OTP-21.2

OTP-21.2.1

OTP-21.2.2

OTP-21.2.3

OTP-21.2.4

OTP-21.2.5

OTP-21.2.6

OTP-21.2.7

OTP-21.3

OTP-21.3.1

OTP-21.3.2

OTP-21.3.3

OTP-21.3.4

OTP-21.3.5

OTP-21.3.6

OTP-21.3.7

OTP-21.3.7.1

OTP-21.3.8

OTP-21.3.8.1

OTP-21.3.8.10

OTP-21.3.8.11

OTP-21.3.8.12

OTP-21.3.8.13

OTP-21.3.8.14

OTP-21.3.8.15

OTP-21.3.8.16

OTP-21.3.8.17

OTP-21.3.8.18

OTP-21.3.8.2

OTP-21.3.8.3

OTP-21.3.8.4

OTP-21.3.8.5

OTP-21.3.8.6

OTP-21.3.8.7

OTP-21.3.8.8

OTP-21.3.8.9

OTP-22.*

OTP-22.0

OTP-22.0-rc1

OTP-22.0-rc2

OTP-22.0-rc3

OTP-22.0.1

OTP-22.0.2

OTP-22.0.3

OTP-22.0.4

OTP-22.0.5

OTP-22.0.6

OTP-22.0.7

OTP-22.1

OTP-22.1.1

OTP-22.1.2

OTP-22.1.3

OTP-22.1.4

OTP-22.1.5

OTP-22.1.6

OTP-22.1.7

OTP-22.1.8

OTP-22.1.8.1

OTP-22.2

OTP-22.2.1

OTP-22.2.2

OTP-22.2.3

OTP-22.2.4

OTP-22.2.5

OTP-22.2.6

OTP-22.2.7

OTP-22.2.8

OTP-22.3

OTP-22.3.1

OTP-22.3.2

OTP-22.3.3

OTP-22.3.4

OTP-22.3.4.1

OTP-22.3.4.10

OTP-22.3.4.11

OTP-22.3.4.12

OTP-22.3.4.13

OTP-22.3.4.2

OTP-22.3.4.3

OTP-22.3.4.4

OTP-22.3.4.5

OTP-22.3.4.6

OTP-22.3.4.7

OTP-22.3.4.8

OTP-22.3.4.9

OTP-23.*

OTP-23.0

OTP-23.0-rc1

OTP-23.0-rc2

OTP-23.0-rc3

OTP-23.0.1

OTP-23.0.2

OTP-23.0.3

OTP-23.0.4

OTP-23.1

OTP-23.1.1

OTP-23.1.2

OTP-23.1.3

OTP-23.1.4

OTP-23.1.5

OTP-23.2

OTP-23.2.1

OTP_17.*

OTP_17.0-rc1

OTP_17.0-rc2

Other

OTP_R13B03

OTP_R13B04

OTP_R14A

OTP_R14B

OTP_R14B01

OTP_R14B02

OTP_R14B03

OTP_R14B04

OTP_R15A

OTP_R15B

OTP_R15B01

OTP_R15B02

OTP_R15B03

OTP_R15B03-1

OTP_R16A_RELEASE_CANDIDATE

OTP_R16B

OTP_R16B01

OTP_R16B01_RC1

OTP_R16B02

OTP_R16B03

OTP_R16B03-1

OTP_R16B03_yielding_binary_to_term

R16B02_yielding_binary_to_term

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-35733.json"