Description
Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Erlang/OTP ssl (dtls_packet_demux module) allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener.

A DTLS server listener uses a single shared dtls_packet_demux gen_server process to route incoming UDP datagrams to the correct connection handler. When a DTLS client reconnects rapidly from the same source address and port (sending multiple ClientHello messages in quick succession), a race condition in the demux's internal gb_trees key-value store causes a {key_exists, {old, Client}} crash, terminating the demux process. Because the demux is shared across all DTLS associations on that listener, its crash immediately kills every active DTLS session, not just the attacker's.

The attack is pre-authentication: the attacker only needs to send UDP datagrams containing valid ClientHello messages from the same source IP and port before the intermediate DOWN monitor message is processed by the gen_server. No credentials, no completed handshake, and no special configuration are required, and the crash can be repeated indefinitely to create a persistent denial of service for all clients of that listener.

This vulnerability is associated with program file lib/ssl/src/dtls_packet_demux.erl.

This issue affects OTP from 25.3 before 29.0.3, 28.5.0.3, and 27.3.4.14, corresponding to ssl from 10.9 before 11.7.3, 11.6.0.3, and 11.2.12.10.
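The crash pattern described above, as an added example that is not code from Erlang/OTP's dtls_packet_demux: a simplified, hypothetical client table keyed by {IP, Port}, with an unconditional gb_trees insert beside a lookup-first registration that survives a reconnect arriving before the old handler's DOWN message has been processed. The module, function names and the sample address are assumptions.

```erlang
%% Added example (not Erlang/OTP code): a demux-like client table keyed
%% by {IP, Port}. An unconditional gb_trees:insert/3 crashes the owning
%% gen_server when a second ClientHello from the same address arrives
%% before the old handler's DOWN has removed its entry; a lookup-first
%% registration reports the superseded handler to the caller instead.
-module(demux_table_example).
-export([register_unsafe/3, register_safe/3, unregister/2, demo/0]).

%% Unsafe pattern: gb_trees:insert/3 raises error:{key_exists, Key}
%% if Key is already present, which takes a gen_server down with it.
register_unsafe(Client, Pid, Table) ->
    gb_trees:insert(Client, Pid, Table).

%% Safe pattern: never insert blindly. Returns {ok, Table} for a new
%% client, or {replaced, OldPid, Table} so the caller can demonitor and
%% stop the stale handler (cleanup is the caller's job in this model).
register_safe(Client, Pid, Table) ->
    case gb_trees:lookup(Client, Table) of
        none ->
            {ok, gb_trees:insert(Client, Pid, Table)};
        {value, Pid} ->
            {ok, Table};
        {value, OldPid} ->
            {replaced, OldPid, gb_trees:update(Client, Pid, Table)}
    end.

%% Removal on DOWN; must not crash if the entry is already gone.
unregister(Client, Table) ->
    gb_trees:delete_any(Client, Table).

%% Constructed scenario: one client address, two handlers in a row.
demo() ->
    Client = {{192,0,2,10}, 40000},           % constructed sample address
    Old = spawn(fun() -> receive stop -> ok end end),
    New = spawn(fun() -> receive stop -> ok end end),
    T1 = register_unsafe(Client, Old, gb_trees:empty()),
    %% Reconnect before DOWN for Old is processed: the unsafe path dies.
    {'EXIT', {{key_exists, Client}, _}} =
        (catch register_unsafe(Client, New, T1)),
    %% The safe path keeps the table intact and reports the stale pid.
    {replaced, Old, T2} = register_safe(Client, New, T1),
    Old ! stop,
    %% A late DOWN for Old must not evict New: check the owner first.
    T3 = case gb_trees:lookup(Client, T2) of
             {value, Old} -> unregister(Client, T2);
             _ -> T2
         end,
    New ! stop,
    {value, New} = gb_trees:lookup(Client, T3),
    ok.
```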
Published: 2026-07-02
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a time‑of‑check, time‑of‑use race condition in the Erlang/OTP ssl library’s dtls_packet_demux module. When a DTLS client repeatedly sends ClientHello messages from the same source IP and port before the demultiplexer processes the previous packet, the internal key‑value store can trigger a crash. This crash terminates the shared demux process and, because it is used by all DTLS sessions on the listener, it brings down every active DTLS connection on that listener. The only requirement for exploitation is the ability to send UDP datagrams containing valid ClientHello payloads; no authentication or special configuration is required.

Affected Systems

The vulnerability affects Erlang/OTP releases from 25.3 up to but not including 29.0.3, 28.5.0.3, and 27.3.4.14, corresponding to ssl library versions from 10.9 up to but not including 11.7.3, 11.6.0.3, and 11.2.12.10. Systems running any of these releases are susceptible to the deterministic denial of service caused by an unauthenticated remote attacker.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity, while the EPSS score of < 1% indicates a very low but nonzero exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is the network, and the failure occurs before any DTLS handshake or authentication. Because an attacker can trigger the crash repeatedly, the risk of sustained denial of service to all clients of the affected listener is high. The exploit requires only the ability to transmit UDP packets to the listener’s DTLS port, making mitigation in the operating environment, such as upgrading to a patched OTP version or applying rate limiting, essential.

Generated by OpenCVE AI on July 3, 2026 at 17:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Erlang/OTP update in which the dtls_packet_demux race condition is fixed; refer to the patch commit e44d2bf01c4473ef2ea7f09e3523cf96de6e4a04.
  • If an immediate upgrade is infeasible, configure network devices or firewalls to rate‑limit inbound DTLS traffic and reject rapid successive ClientHello messages from the same source IP and port.
  • As a last resort, use a custom wrapper or an alternative DTLS implementation that demultiplexes per connection rather than through one shared process, so that a single crash cannot take down every session on the listener.


Advisories

No advisories yet.

History

Thu, 02 Jul 2026 21:00:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Erlang erlang/otp
                                      Erlang otp
Vendors & Products                    Erlang erlang/otp
                                      Erlang otp

Thu, 02 Jul 2026 18:30:00 +0000

Type                 Values Removed   Values Added
Metrics                               ssvc
                                      {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 02 Jul 2026 16:45:00 +0000

Type                 Values Removed   Values Added
Description                           (the full CVE description, identical to the Description section above)
Title                                 DTLS listener crash via race condition in dtls_packet_demux causes denial of service for all sessions
First Time appeared                   Erlang
                                      Erlang erlang/otp
Weaknesses                            CWE-367
CPEs                                  cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Vendors & Products                    Erlang
                                      Erlang erlang/otp
References
Metrics                               cvssV4_0
                                      {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: EEF

Published:

Updated: 2026-07-03T04:29:33.147Z

Reserved: 2026-06-17T17:55:15.685Z

Link: CVE-2026-55950

Vulnrichment

Updated: 2026-07-02T17:25:49.598Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-03T18:00:12Z

Weaknesses
  • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition