Impact
The vulnerability is a time-of-check/time-of-use race condition in the dtls_packet_demux module of the Erlang/OTP ssl library. The demultiplexer is a single process shared by every DTLS session on a listener: it receives each UDP datagram and routes it to the DTLS connection that belongs to its source IP and port, tracking those connections in an internal key-value store. If the same source IP and port sends further ClientHello messages before the demultiplexer has finished processing the previous one, the check for an existing entry and the update of that store can interleave, and the demultiplexer process crashes. Because the process is shared, the crash takes down every active DTLS connection on the listener, not only the attacker's. The only requirement for exploitation is the ability to send UDP datagrams containing valid ClientHello payloads; no authentication or special configuration is needed.
Affected Systems
Erlang/OTP releases 25.3 up to but not including 29.0.3, 28.5.0.3 and 27.3.4.14 are affected; these correspond to ssl application versions 10.9 up to but not including 11.7.3, 11.6.0.3 and 11.2.12.10. The ssl application version is the more precise indicator, since that is the component carrying the fix. Any system running one of these versions with a DTLS listener is exposed to a denial of service that an unauthenticated remote attacker can trigger at will.
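The following is an added example, not code from OpenCVE or from Erlang/OTP, that turns the version ranges above into a check a practitioner can run against the ssl application version reported by an installed OTP. It assumes the usual OTP maintenance model: a patch release (11.6.0.3, 11.2.12.10) repairs only its own major.minor line, anything at or above the newest fix (11.7.3) is fixed, and lines with no listed fix (for example 11.3.x to 11.5.x) remain affected until moved to a fixed line. The upgrade-target policy in minimal_fix is likewise an assumption, not an OTP recommendation.

```python
"""Decide whether an Erlang/OTP ssl application version is in the affected
range given above: 10.9 up to but not including 11.7.3, 11.6.0.3 and 11.2.12.10.
Added example (not code from OpenCVE or Erlang/OTP).

The version string is what the ssl application reports about itself, e.g.
  erl -noshell -eval 'application:load(ssl),
                      {ok, V} = application:get_key(ssl, vsn),
                      io:format("~s~n", [V]), halt().'
"""
from __future__ import annotations

FIRST_AFFECTED = (10, 9)
FIXED = ("11.7.3", "11.6.0.3", "11.2.12.10")   # fixed ssl versions from the advisory text


def parse_version(text: str) -> tuple[int, ...]:
    """'11.2.12.10' -> (11, 2, 12, 10); rejects anything that is not dotted integers."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not an OTP application version: {text!r}")
    return tuple(int(p) for p in parts)


def _fixes() -> list[tuple[int, ...]]:
    return [parse_version(f) for f in FIXED]


def is_affected(ssl_vsn: str) -> bool:
    """True if this ssl version still carries the dtls_packet_demux race.

    Assumption: a patch release repairs only its own major.minor maintenance
    line (11.6.0.3 covers 11.6.x, 11.2.12.10 covers 11.2.x), while anything at
    or above the newest fix, 11.7.3, is fixed.  Lines with no listed fix, such
    as 11.3.x to 11.5.x, therefore stay affected until moved to a fixed line.
    """
    v = parse_version(ssl_vsn)
    if v < FIRST_AFFECTED:
        return False
    fixes = _fixes()
    if v >= max(fixes):
        return False
    return not any(v[:2] == f[:2] and v >= f for f in fixes)


def minimal_fix(ssl_vsn: str) -> str | None:
    """Smallest listed fixed version to move to, or None if already fixed/unaffected.

    Prefers the patch on the same maintenance line (smallest upgrade); otherwise
    the lowest listed fix above the current version.  Assumed policy, not OTP's.
    """
    if not is_affected(ssl_vsn):
        return None
    v = parse_version(ssl_vsn)
    candidates = [f for f in _fixes() if f > v]
    same_line = [f for f in candidates if f[:2] == v[:2]]
    chosen = min(same_line or candidates)
    return ".".join(str(n) for n in chosen)


if __name__ == "__main__":
    import sys
    vsn = sys.argv[1] if len(sys.argv) > 1 else "11.2.12.9"   # constructed default input
    if is_affected(vsn):
        print(f"ssl {vsn}: affected, upgrade to at least {minimal_fix(vsn)}")
    else:
        print(f"ssl {vsn}: not affected")
```

Run it with the ssl version string as the only argument. The tuple comparison handles the four-component patch versions OTP uses, so 11.2.12.9 sorts below 11.2.12.10 rather than being compared as text.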
Risk and Exploitability
The CVSS score of 8.7 indicates high severity. The EPSS score is below 1%, a low but nonzero estimated probability of exploitation activity, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is network: the failure happens while the listener is still processing the initial ClientHello, so no handshake completes and no authentication is involved. Because the crash can be triggered repeatedly, an attacker able to reach the DTLS port with UDP can keep every client of the affected listener offline for as long as the flood lasts. Upgrading to a fixed OTP release is the remedy; where that cannot happen immediately, restricting which networks may reach the DTLS port and rate-limiting UDP from a single source reduce exposure, but they do not remove it, since the trigger is closely spaced datagrams from one source rather than sustained volume.
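As an added example for the operations side (not code from OpenCVE or Erlang/OTP), the detector below flags the traffic pattern this section describes: repeated DTLS ClientHellos from one source IP and port within a short interval. Input records are (timestamp, src_ip, src_port, udp_payload) tuples of the kind a capture tool hands over; the sample datagrams are constructed in the block, and the MAX_HELLOS and WINDOW thresholds are assumed tuning values that the advisory does not specify.

```python
"""Spot many DTLS ClientHellos from one source IP and port in a short window.
Added example, not code from OpenCVE or Erlang/OTP.  Sample datagrams are
constructed below; MAX_HELLOS and WINDOW are assumed tuning values."""
import struct
from collections import defaultdict, deque

HANDSHAKE = 22                      # DTLS record ContentType handshake (RFC 6347)
CLIENT_HELLO = 1                    # HandshakeType client_hello
DTLS_VERSIONS = {0xFEFF, 0xFEFD}    # DTLS 1.0 and 1.2 record-layer versions
RECORD_HDR = 13                     # type(1) version(2) epoch(2) seq(6) length(2)
HANDSHAKE_HDR = 12                  # msg_type(1) length(3) msg_seq(2) frag_off(3) frag_len(3)

MAX_HELLOS = 3    # assumed: more than this many from one source within WINDOW is a burst
WINDOW = 1.0      # seconds


def is_client_hello(payload: bytes) -> bool:
    """True if the datagram begins with a DTLS handshake record whose first
    fragment is a ClientHello.  Only the record and handshake headers are read."""
    if len(payload) < RECORD_HDR + HANDSHAKE_HDR:
        return False
    ctype, version, _epoch = struct.unpack("!BHH", payload[:5])
    (rec_len,) = struct.unpack("!H", payload[11:13])
    if ctype != HANDSHAKE or version not in DTLS_VERSIONS:
        return False
    if rec_len < HANDSHAKE_HDR or len(payload) < RECORD_HDR + rec_len:
        return False
    return payload[RECORD_HDR] == CLIENT_HELLO


def detect_bursts(datagrams, max_hellos=MAX_HELLOS, window=WINDOW):
    """Return {(src_ip, src_port): first_timestamp_over_threshold} for every
    source whose ClientHello count inside a sliding window exceeds max_hellos."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, ip, port, payload in sorted(datagrams, key=lambda d: d[0]):
        if not is_client_hello(payload):
            continue
        q = recent[(ip, port)]
        q.append(ts)
        while ts - q[0] > window:          # drop hellos that fell out of the window
            q.popleft()
        if len(q) > max_hellos and (ip, port) not in flagged:
            flagged[(ip, port)] = ts
    return flagged


def make_client_hello(message_seq: int = 0) -> bytes:
    """Constructed minimal ClientHello datagram for the sample: record and
    handshake headers are well-formed; the body is a bare DTLS 1.2 ClientHello
    with zero random, empty session id and cookie, one cipher suite, null compression."""
    body = (b"\xfe\xfd" + b"\x00" * 32 + b"\x00" + b"\x00"
            + b"\x00\x02\xc0\x2b" + b"\x01\x00")
    hs = (bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big")
          + struct.pack("!H", message_seq) + (0).to_bytes(3, "big")
          + len(body).to_bytes(3, "big"))
    record_hdr = (struct.pack("!BHH", HANDSHAKE, 0xFEFF, 0)   # initial hello uses {254,255}
                  + message_seq.to_bytes(6, "big")
                  + struct.pack("!H", len(hs) + len(body)))
    return record_hdr + hs + body


# Constructed sample: one ordinary client, then one source re-sending ClientHello
# faster than a demultiplexer could drain them, plus a non-handshake record.
SAMPLE = [
    (0.00, "198.51.100.7", 40001, make_client_hello()),
    (1.00, "203.0.113.9", 51234, make_client_hello()),
    (1.01, "203.0.113.9", 51234, make_client_hello()),
    (1.02, "203.0.113.9", 51234, make_client_hello()),
    (1.03, "203.0.113.9", 51234, make_client_hello()),
    (1.04, "203.0.113.9", 51234, b"\x17\xfe\xfd" + b"\x00" * 30),   # application data
]

if __name__ == "__main__":
    for (ip, port), ts in detect_bursts(SAMPLE).items():
        print(f"ClientHello burst from {ip}:{port} at t={ts:.2f}s")
```

The check deliberately stops at the handshake header: parsing the ClientHello body is unnecessary to recognise the pattern and would itself be a place for malformed input to cause trouble in the monitor. Only the offending source is reported, so a well-behaved client that sends a single ClientHello is never flagged.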
OpenCVE Enrichment