Lucene search
K

29 matches found

Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.6 views

PT-2026-53684

Name of the Vulnerable Software and Affected Versions leandrocp MDEx versions 0.4.3 through 0.13.1 Description An excessive allocation issue exists when the MDEx.parse document/2 function accepts a :json, json source. The private json to node/1 function passes an attacker-controlled node type val...

8.2CVSS5.9AI score0.00126EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/15 9:56 p.m.8 views

EUVD-2026-37015

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code...

9.2CVSS6.4AI score0.00573EPSS
Exploits0References4
OSV
OSV
added 2026/06/15 9:56 p.m.9 views

EEF-CVE-2026-48853 Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc

Summary Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote...

9.2CVSS6.5AI score0.00573EPSS
Exploits0References4
NVD
NVD
added 2026/06/11 12:16 p.m.11 views

CVE-2026-53423

Allocation of Resources Without Limits or Throttling vulnerability in membraneframework membranemp4plugin allows unauthenticated denial-of-service via BEAM atom table exhaustion. The MP4 box header parser converts each 4-byte box name to an atom using String.toatom/1 without validation...

5.9CVSS0.00126EPSS
Exploits0References4
NVD
NVD
added 2026/06/02 8:16 p.m.21 views

CVE-2026-48597

Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...

8.2CVSS0.00301EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/02 7:8 p.m.39 views

CVE-2026-48597 Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint

Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...

8.2CVSS0.00301EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:8 p.m.9 views

CVE-2026-48597

Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...

8.2CVSS5.8AI score0.00301EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/25 2:0 p.m.7 views

EEF-CVE-2026-47067 Atom table exhaustion via unrecognized URL schemes in hackney

Summary Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackneyurl.erl converts every unrecognized URL scheme to a permanent BEAM atom via binarytoatom/2. BEAM atoms are never garbage-collected and the atom table default...

8.7CVSS5.8AI score0.00703EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:0 p.m.10 views

CVE-2026-47067

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackneyurl.erl converts every unrecognized URL scheme to a permanent BEAM atom via binarytoatom/2. BEAM atoms are never garbage-collected and the atom table defaults to a...

8.7CVSS5.8AI score0.00703EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.16 views

PT-2026-43065

Name of the Vulnerable Software and Affected Versions hackney versions 2.0.0 through 4.0.0 Description An issue in the URL parser within src/hackney url.erl allows for resource exhaustion. The parser uses the binary to atom/2 function to convert unrecognized URL schemes into permanent BEAM atoms...

8.7CVSS5.8AI score0.00703EPSS
Exploits1References9
OSV
OSV
added 2026/05/20 1:35 p.m.6 views

EEF-CVE-2026-8469 Unauthenticated denial-of-service via BEAM atom table exhaustion in phoenix_storybook

Summary Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenixstorybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.toatom/1 witho...

8.2CVSS5.8AI score0.00537EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/08 3:42 p.m.59 views

CVE-2026-42793 Atom table exhaustion via attacker-controlled GraphQL SDL names in absinthe

Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled GraphQL SDL. Multiple Blueprint.Draft.convert/2 implementations in Absinthe's SDL language modules ca...

8.2CVSS0.00613EPSS
Exploits1References4
OSV
OSV
added 2026/05/05 9:46 p.m.5 views

GHSA-Q8X4-X7MP-5VG2 Plug.Cowboy vulnerable to unauthenticated remote DoS via HTTP/2 `:scheme` atom-table exhaustion

Summary An unauthenticated remote denial-of-service vulnerability in Plug.Cowboy.Conn allows any attacker who can reach an HTTPS Plug.Cowboy listener via HTTP/2 to permanently exhaust the BEAM atom table and crash the entire Erlang VM. Am I Affected? All users running plugcowboy with HTTP/2 may b...

8.7CVSS5.9AI score0.00545EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/27 1:45 p.m.30 views

CVE-2026-32688 Atom table exhaustion via HTTP/2 :scheme pseudo-header in plug_cowboy

Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plugcowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib/plug/cowboy/conn.ex calls String.toatom/1 on the value returned by :cowboyreq.scheme/1. For HTTP/2...

8.7CVSS0.00545EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/03 11:1 p.m.3 views

CVE-2026-34593

Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the...

8.2CVSS5.8AI score0.00423EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/02 5:42 p.m.17 views

CVE-2026-34593 Ash Framework: Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash

Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the...

8.2CVSS0.00423EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/02 5:42 p.m.2 views

CVE-2026-34593 Ash Framework: Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash

Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the...

8.2CVSS5.8AI score0.00423EPSS
Exploits1References2
CVE
CVE
added 2026/04/02 5:42 p.m.14 views

CVE-2026-34593

This CVE affects Ash Framework (Elixir) where Ash.Type.Module.cast_input/2 unconditionally creates a new Erlang atom via Module.concat([value]) for inputs starting with "Elixir." before module existence is verified. The atom creation can exhaust BEAM’s atom table (default ~1,048,576 entries) and ...

8.2CVSS5.8AI score0.00423EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/01 12:14 a.m.5 views

GHSA-JJF9-W5VJ-R6VP Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash

Summary Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the referenced module exists. Because Erlang atoms are never garbage-collected and the BEAM atom table has ...

8.2CVSS6AI score0.00423EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/04/01 12:14 a.m.16 views

Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash

Summary Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the referenced module exists. Because Erlang atoms are never garbage-collected and the BEAM atom table has ...

8.2CVSS6AI score0.00423EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder