{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-53846","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2024-11-22T17:30:02.140Z","datePublished":"2024-12-05T17:02:59.370Z","dateUpdated":"2024-12-06T16:26:57.528Z"},"containers":{"cna":{"title":"ssl fails to validate incorrect extended key usage","problemTypes":[{"descriptions":[{"cweId":"CWE-295","lang":"en","description":"CWE-295: Improper Certificate Validation","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L","version":"3.1"}}],"references":[{"name":"https://github.com/erlang/otp/security/advisories/GHSA-qw6r-qh9v-638v","tags":["x_refsource_CONFIRM"],"url":"https://github.com/erlang/otp/security/advisories/GHSA-qw6r-qh9v-638v"}],"affected":[{"vendor":"erlang","product":"otp","versions":[{"version":">= 25.3.2.8, <= 25.3.2.16","status":"affected"},{"version":">= 26.2, <= 26.2.5.6","status":"affected"},{"version":">= 27.0, <= 27.1.3","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2024-12-05T17:02:59.370Z"},"descriptions":[{"lang":"en","value":"OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. 
A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client successfully verifying the peer even when the peer's certificate presents an incorrect extended key usage (i.e., a server will verify a client whose certificate has the server auth extended key usage, and vice versa)."}],"source":{"advisory":"GHSA-qw6r-qh9v-638v","discovery":"UNKNOWN"}},"adp":[{"affected":[{"vendor":"erlang","product":"otp","cpes":["cpe:2.3:a:erlang:otp:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"25.3.2.8","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-06T16:04:29.566469Z","id":"CVE-2024-53846","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-06T16:26:57.528Z"}}]}}