{"id":"AZL-67118","summary":"CVE-2025-48038 affecting package erlang for versions less than 25.3.2.21-4","details":"Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.\n\nThis issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.","modified":"2026-04-01T05:21:07.962370Z","published":"2025-09-11T09:15:33Z","upstream":["CVE-2025-48038"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48038"}],"affected":[{"package":{"name":"erlang","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/erlang"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"25.3.2.21-4"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67118.json"}}],"schema_version":"1.7.5"}