Erlang/OTP SSH Vulnerability

CRITICAL (10.0) Patch Available

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 49.27% chance of exploitation (percentile: 98%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC, CISA KEV

What is it?

Erlang/OTP is the runtime and standard library distribution for the Erlang programming language. One of its bundled applications, `ssh`, implements an SSH client and server in Erlang, and many products built on Erlang/OTP expose management or shell access through that SSH server. The vulnerability is a flaw in how the `ssh` application's server handles SSH protocol messages: an attacker who can reach the listening port can exploit it to achieve remote code execution without authenticating, with the privileges of the Erlang VM process that runs the server.

Am I affected?

You're affected if you run the SSH server from the Erlang/OTP `ssh` application on any OTP release from 17.0 onward that predates the fixed versions listed below, regardless of the operating system or the product the VM is embedded in. Running an Erlang application that never starts an SSH daemon does not expose the flaw, but many deployments enable one for remote administration.

To find the major release of the installed runtime:

erl -noshell -eval 'io:format("~s~n", [erlang:system_info(otp_release)]), halt().'

The full patch-level version (which is what you need to compare against the fixed releases) is stored in the OTP_VERSION file under the release directory, for example /usr/lib/erlang/releases/27/OTP_VERSION; the exact path follows from code:root_dir() and the major release number printed above.

Note: This is the SSH implementation bundled with Erlang/OTP, not OpenSSH or any other standalone SSH product. An OpenSSH server on the same host is unaffected and is not a fix for this issue.
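The following script, added here as an example and not code from the Erlang/OTP project or from this page's authors, turns the check above into something you can run on a fleet: it reads the full OTP version from the OTP_VERSION file and compares it against the fixed release for that major line. The fixed versions come from the "How to fix" section; the function names, the fallback to the bare major release when OTP_VERSION is missing, and the "unknown" verdict for major lines this page lists no fixed release for (28 and later) are this example's own assumptions.

```shell
#!/bin/sh
# Classify an Erlang/OTP version as vulnerable, fixed or unknown for the
# Erlang/OTP SSH flaw, using the fixed releases listed on this page.
# Example code: function names and the OTP_VERSION lookup are assumptions.

# ver_lt A B: exit 0 if dot-separated numeric version A is strictly older
# than B. Missing trailing components count as 0, so 26.2.5 < 26.2.5.11.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, "."); nb = split(b, B, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] + 0 : 0
            y = (i <= nb) ? B[i] + 0 : 0
            if (x < y) exit 0
            if (x > y) exit 1
        }
        exit 1   # equal, so not less-than
    }'
}

# otp_ssh_status VERSION: print "vulnerable", "fixed" or "unknown".
otp_ssh_status() {
    v="$1"
    major="${v%%.*}"
    case "$major" in
        27) fixed="27.3.3" ;;
        26) fixed="26.2.5.11" ;;
        25) fixed="25.3.2.20" ;;
        *)
            # Lines 17-24 are affected per the page and have no fixed release
            # listed here; lines newer than 27 are not covered by the page.
            if [ "$major" -ge 17 ] 2>/dev/null && [ "$major" -lt 25 ]; then
                echo vulnerable
            else
                echo unknown
            fi
            return 0
            ;;
    esac
    if ver_lt "$v" "$fixed"; then echo vulnerable; else echo fixed; fi
}

# installed_otp_version: full version of the erl on PATH. Reads the
# OTP_VERSION file under <root>/releases/<major>/, which OTP releases
# since 17 ship; falls back to the bare major release if it is absent.
installed_otp_version() {
    root=$(erl -noshell -eval 'io:format("~s", [code:root_dir()]), halt().') || return 1
    rel=$(erl -noshell -eval 'io:format("~s", [erlang:system_info(otp_release)]), halt().') || return 1
    f="$root/releases/$rel/OTP_VERSION"
    if [ -r "$f" ]; then cat "$f"; else echo "$rel"; fi
}

# Usage: sh check_otp_ssh.sh --check   (on a host with erl installed)
#        sh check_otp_ssh.sh 26.2.5.10 (classify a version string by hand)
if [ "${1:-}" = "--check" ]; then
    v=$(installed_otp_version) && printf 'OTP %s: %s\n' "$v" "$(otp_ssh_status "$v")"
elif [ -n "${1:-}" ]; then
    printf 'OTP %s: %s\n' "$1" "$(otp_ssh_status "$1")"
fi
```

A "fixed" verdict only means the runtime carries the patch; a host that is "vulnerable" but has no SSH daemon started by the `ssh` application is not reachable through this flaw, so pair the version check with a listening-port inventory before prioritising patches.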

Affected Products

Erlang/OTP / SSH

How to fix

Update to OTP-27.3.3 (for OTP-27), OTP-26.2.5.11 (for OTP-26), or OTP-25.3.2.20 (for OTP-25), or any later release in the same line, from the official GitHub repository: https://github.com/erlang/otp/releases. If you run an older major line, move to one of the fixed lines above. After upgrading, restart every Erlang VM that hosts an SSH daemon; the patched code is not loaded into a running node by installing the release.
- Temporary workaround: stop the SSH daemon started by the `ssh` application, or block its listening port with firewall rules so that only trusted administrative hosts can reach it, until you can upgrade.