CVE-2025-30211: 
CBL Mariner vulnerability analysis and mitigation

Erlang/OTP, a set of libraries for the Erlang programming language, was found to be vulnerable to excessive memory consumption prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19. The vulnerability (CVE-2025-30211) was disclosed on March 28, 2025, and affects the KEX initialization message handling functionality (GitHub Advisory).

The vulnerability stems from the implementation's failure to verify RFC-specified limits on algorithm names (64 characters) provided in KEX init messages. When a maliciously crafted KEX init packet is received, it leads to inefficient processing of error data, resulting in excessive memory allocation. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it can be exploited remotely with low attack complexity and requires no privileges or user interaction (GitHub Advisory, Red Hat).

The primary impact of this vulnerability is on system availability through excessive memory consumption. When exploited, the vulnerability can cause large amounts of memory to be allocated for processing malicious data, potentially leading to system resource exhaustion (GitHub Advisory).

The vulnerability has been patched in versions OTP-27.3.1, OTP-26.2.5.10, and OTP-25.3.2.19. For systems that cannot immediately update, two workarounds are available: setting the option 'parallellogin' to false and/or reducing the 'maxsessions' option (GitHub Advisory).