Lucene search
K

4 matches found

OSV
OSV
added 2026/06/10 2:35 p.m.9 views

EEF-CVE-2026-49759 Stack buffer overflow in SCTP error cause parsing in inet_drv allows remote VM crash

Summary Stack-based Buffer Overflow vulnerability in Erlang OTP erts inet\drv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctp\parse\error\chunk function in erts/emulator/drivers/common/inet\drv.c parses SCTP ERROR chunks and writes...

8.8CVSS5.6AI score0.00497EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.10 views

CVE-2026-47067

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackneyurl.erl converts every unrecognized URL scheme to a permanent BEAM atom via binarytoatom/2. BEAM atoms are never garbage-collected and the atom table defaults to a...

8.7CVSS5.8AI score0.00703EPSS
Exploits1References1
CVE
CVE
added 2026/05/25 2:0 p.m.31 views

CVE-2026-47067

Affected software: hackney (Erlang HTTP client). Vulnerability description: The URL parser in src/hackney_url.erl converts every unrecognized URL scheme to a permanent BEAM atom via binary_to_atom/2. BEAM atoms are never garbage-collected, and the atom table maxes out at 1,048,576 entries. An att...

8.7CVSS5.8AI score0.00703EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/02 5:42 p.m.17 views

CVE-2026-34593 Ash Framework: Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash

Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the...

8.2CVSS0.00423EPSS
Exploits1References2
Rows per page
Query Builder