CVE-2020-35733
- Source
- https://cve.org/CVERecord?id=CVE-2020-35733
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-35733.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-35733
- Downstream
- Related
- Published
- 2021-01-15T14:15:14.803Z
- Modified
- 2026-05-10T12:08:16.578936Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "33" } ] } ] }- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CXZWUOZELT7A5ZN6DJRQHX7L35V4PW/
- https://erlang.org/pipermail/erlang-questions/2021-January/100357.html
- https://github.com/erlang/otp/releases
- https://www.erlang.org/downloads
- https://www.erlang.org/news
Affected packages
Git / github.com/erlang/otp
Affected versions
OTP-17.*
OTP-17.0
OTP-18.*
OTP-18.0
OTP-18.0-rc1
OTP-19.*
OTP-19.0
OTP-19.0-rc1
OTP-19.0-rc2
OTP-20.*
OTP-20.0
OTP-20.0-rc1
OTP-20.0-rc2
OTP-21.*
OTP-21.0
OTP-21.0-rc1
OTP-21.0-rc2
OTP-22.*
OTP-22.0
OTP-22.0-rc1
OTP-22.0-rc2
OTP-22.0-rc3
OTP-23.*
OTP-23.0
OTP-23.0-rc1
OTP-23.0-rc2
OTP-23.0-rc3
OTP-23.1
OTP-23.2
OTP-23.2.1
OTP_17.*
OTP_17.0-rc1
OTP_17.0-rc2
Other
OTP_R13B03
OTP_R13B04
OTP_R14A
OTP_R14B
OTP_R14B01
OTP_R14B02
OTP_R14B03
OTP_R15A
OTP_R15B
OTP_R16A_RELEASE_CANDIDATE
OTP_R16B