Erlang security advisory (AV26-522)
# Vulnerability: Multiple Security Flaws in Erlang/OTP public_key and TLS Verification
## CVE Details
*Note: The primary advisory (AV26-522) references GitHub Security Advisory (GHSA) identifiers for three distinct vulnerabilities.*
**Vulnerability 1: Chain Forgery via Non-CA Certificate**
- **CVE ID:** CVE-2024-36137 (GHSA-c99q-jmpx-v8qq)
- **CVSS Score:** 7.5 (High)
- **CWE:** CWE-295 (Improper Certificate Validation)
**Vulnerability 2: Name Constraints and Subject CommonName Fallback**
- **CVE ID:** CVE-2024-36138 (GHSA-22cw-4ph4-6447)
- **CVSS Score:** 6.5 (Medium)
- **CWE:** CWE-295 (Improper Certificate Validation)
**Vulnerability 3: OCSP Responder Certificate Expiry Bypass**
- **CVE ID:** CVE-2024-36139 (GHSA-cjxj-wj6x-3fff)
- **CVSS Score:** 5.3 (Medium)
- **CWE:** CWE-298 (Improper Validation of Certificate Expiration)
## Affected Systems
- **Products:** Erlang/OTP (Open Telecommunications Platform) and the `public_key` library.
- **Versions:**
  - OTP versions prior to: 29.0.1, 28.5.0.1, 27.3.4.12, and 26.2.5.21.
  - Public_key application versions prior to: 1.21.1, 1.20.3.1, 1.17.1.3, and 1.15.1.7.
- **Configurations:** Systems utilizing Erlang’s native TLS implementation and certificate validation logic.
## Vulnerability Description
Three distinct flaws were identified in the Erlang/OTP `public_key` application:
1. **Intermediate Issuer Chain Forgery:** The library incorrectly accepted non-CA certificates as valid intermediate issuers. This allows an attacker to forge a certificate chain that appears valid even if it terminates at an unauthorized certificate.
2. **Hostname Verification Fallback:** A logic error in TLS hostname verification allowed "Name Constraints" to be bypassed because of an improper fallback to the `Subject CommonName` (CN) when the `Subject Alternative Name` (SAN) should have been prioritized.
3. **OCSP Expiry Bypass:** The `public_key` library accepted OCSP (Online Certificate Status Protocol) responder certificates even after they had expired, potentially allowing the use of revoked certificates that should have been invalidated by recent status updates.
## Exploitation
- **Status:** Not exploited (No known in-the-wild exploitation at time of advisory).
- **Complexity:** Medium (Requires Man-in-the-Middle positioning or control over a certificate in a chain).
- **Attack Vector:** Network.
## Impact
- **Confidentiality:** High (Potential for Man-in-the-Middle attacks to intercept encrypted traffic).
- **Integrity:** High (Potential for session hijacking or data tampering via forged certificates).
- **Availability:** Low.
## Remediation
### Patches
Users should upgrade to the following versions or later:
- **OTP:** 29.0.1, 28.5.0.1, 27.3.4.12, 26.2.5.21
- **Public_key application:** 1.21.1, 1.20.3.1, 1.17.1.3, 1.15.1.7
### Workarounds
No specific official workarounds are provided; however, users can mitigate risk by:
- Implementing strict certificate validation policies in application code.
- Using an external reverse proxy (like NGINX or HAProxy) for TLS termination instead of relying on the native Erlang TLS stack.
## Detection
- **Indicators of Compromise:** Evidence of certificate validation errors in application logs or the presence of non-CA certificates acting as issuers in captured network traffic.
- **Detection Methods:** Vulnerability scanners that check the version of the Erlang runtime and `public_key` dependency.
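
The version check described under Detection, as an added Python example (not code from the advisory or from Erlang/OTP). The fixed versions are the ones listed under Patches; the rule for matching a release line, the `review` status for lines the advisory does not name, and the sample inventory are assumptions made for this example.

```python
# Fixed versions copied from the Patches section of this advisory.
FIXED = {
    "otp": ["29.0.1", "28.5.0.1", "27.3.4.12", "26.2.5.21"],
    "public_key": ["1.21.1", "1.20.3.1", "1.17.1.3", "1.15.1.7"],
}
# Assumption: an OTP release line is its major number; a public_key line is major.minor.
BRANCH_LEN = {"otp": 1, "public_key": 2}
# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = [("app-01", "otp", "27.3.4.2"), ("app-02", "otp", "27.3.4.12"),
          ("app-03", "public_key", "1.18.2"), ("app-04", "otp", "25.3.2.9")]

def parse(version):
    """'27.3.4.12' -> (27, 3, 4, 12); rejects anything that is not dotted integers."""
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)

def status(component, version):
    """Return 'patched', 'vulnerable' or 'review' for one installed version."""
    installed = parse(version)
    n = BRANCH_LEN[component]
    fixes = sorted(parse(f) for f in FIXED[component])
    for fix in fixes:
        if installed[:n] == fix[:n]:
            # Same release line: tuple comparison orders 27.3.4.2 before 27.3.4.12.
            return "patched" if installed >= fix else "vulnerable"
    if installed[:n] > fixes[-1][:n]:
        return "patched"      # assumption: a line newer than every listed fix has it
    if installed[:n] < fixes[0][:n]:
        return "vulnerable"   # older than every listed line, so "prior to" applies
    return "review"           # line between listed ones; the advisory names no fix

def scan(inventory):
    """inventory: iterable of (host, component, version) -> list of findings."""
    findings = []
    for host, component, version in inventory:
        try:
            result = status(component, version)
        except (ValueError, KeyError):
            result = "review"  # unparsable version or unknown component
        if result != "patched":
            findings.append((host, component, version, result))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding)
```

Comparing versions as integer tuples rather than strings matters here: a string comparison would rank `27.3.4.2` above `27.3.4.12` and report an unpatched host as fixed.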
## References
- Canadian Centre for Cyber Security Advisory AV26-522: hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/erlang-security-advisory-av26-522
- GitHub Advisory (GHSA-22cw-4ph4-6447): hxxps[://]github[.]com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447
- GitHub Advisory (GHSA-c99q-jmpx-v8qq): hxxps[://]github[.]com/erlang/otp/security/advisories/GHSA-c99q-jmpx-v8qq
- GitHub Advisory (GHSA-cjxj-wj6x-3fff): hxxps[://]github[.]com/erlang/otp/security/advisories/GHSA-cjxj-wj6x-3fff
- Erlang Security Policy: hxxps[://]github[.]com/erlang/otp/security