{"id":"CVE-2022-37026","details":"In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.","modified":"2026-04-09T08:56:31.939109Z","published":"2022-09-21T14:15:11.223Z","related":["MGASA-2022-0450","SUSE-SU-2022:4215-1","SUSE-SU-2022:4222-1","SUSE-SU-2023:3401-1","SUSE-SU-2023:3409-1","SUSE-SU-2023:4109-1","openSUSE-SU-2024:12416-1","openSUSE-SU-2025:15740-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00012.html"},{"type":"ADVISORY","url":"https://erlangforums.com/c/erlang-news-announcements/91"},{"type":"ADVISORY","url":"https://erlangforums.com/t/otp-25-1-released/1854"},{"type":"FIX","url":"https://github.com/erlang/otp/compare/OTP-23.3.4.14...OTP-23.3.4.15"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/erlang/otp","events":[{"introduced":"0"},{"fixed":"8e9201679129a42c9a2a78940dae83a058be68f2"},{"introduced":"583cba31eb09c14abd0b217fe7ac2e9a60425d51"},{"fixed":"0251f542a2ef42ded2a146649d05ff9e7e457268"},{"introduced":"4ed7957623e5ccbd420a09a506bd6bc9930fe93c"},{"fixed":"ac0c9879c68b23278178a7afe738285b33ff1832"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"23.3.4.15"},{"introduced":"24.0"},{"fixed":"24.3.4.2"},{"introduced":"25.0"},{"fixed":"25.0.2"}]}}],"versions":["OTP-17.0","OTP-18.0","OTP-18.0-rc1","OTP-19.0","OTP-19.0-rc1","OTP-19.0-rc2","OTP-20.0","OTP-20.0-rc1","OTP-20.0-rc2","OTP-21.0","OTP-21.0-rc1","OTP-21.0-rc2","OTP-22.0","OTP-22.0-rc1","OTP-22.0-rc2","OTP-22.0-rc3","OTP-23.0","OTP-23.0-rc1","OTP-23.0-rc2","OTP-23.0-rc3","OTP-23.1","OTP-23.2","OTP-23.3","OTP-23.3.1","OTP-23.3.2","OTP-23.3.3","OTP-23.3.4","OTP-23.3.4.1","OTP-23.3.4.10","OTP-23.3.4.11","OTP-23.3.4.12","OTP-23.3.4.13","OTP-23.3.4.14","OTP-23.3.4.2","OTP-23.3.4.3","OTP-23.3.4.4","OTP-23.3.4.5","OTP-23.3.4.6","OTP-23.3.4.7","OTP-23.3.4.8","OTP-23.3.4.9","OTP-24.0","OTP-24.1","OTP-24.2","OTP-24.3","OTP-24.3.1","OTP-24.3.2","OTP-24.3.3","OTP-24.3.4","OTP-24.3.4.1","OTP-25.0","OTP-25.0.1","OTP_17.0-rc1","OTP_17.0-rc2","OTP_R13B03","OTP_R13B04","OTP_R14A","OTP_R14B","OTP_R14B01","OTP_R14B02","OTP_R14B03","OTP_R15A","OTP_R15B","OTP_R16A_RELEASE_CANDIDATE","OTP_R16B","patch-base-24"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-37026.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}