Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service

...

FreeBSD : Elixir -- Denial of service via unbounded integer parsing in Version (45accfb8-56e4-41b7-8463-572ce643fde0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 45accfb8-56e4-41b7-8463-572ce643fde0 advisory. PJUllrich reports: The Version module parses numeric version components without length limits. Untruste...

FreeBSD : Elixir -- Denial of service via unbounded integer parsing in Version (f778ad20-0d5f-49c4-af45-4493ff0696d9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f778ad20-0d5f-49c4-af45-4493ff0696d9 advisory. PJUllrich reports: The Version module parses numeric version components without length limits. Untruste...

CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service

Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components major, minor, patch and numeric...

CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service

Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components major, minor, patch and numeric...

OESA-2026-2487 jq security update

jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...

EUVD-2026-33314

mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c specifically INTEGERoer.c. When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, th...

CVE-2023-7345

Affected software: Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7. Root cause: Integer parsing vulnerability in EIP-712 message handling due to incorrect hexadecimal field parsing when values have an odd number of characters. Impact: Attackers could obtain signatures ...

Ledger Live 代码问题漏洞

Ledger Live is an encrypted asset management application developed by the French company Ledger. Versions of Ledger Live prior to 6.34.7 contained a code vulnerability caused by integer parsing issues. This vulnerability allowed attackers to manipulate EIP-712 type data messages by exploiting...

PT-2026-42019

Name of the Vulnerable Software and Affected Versions ledgerhq/hw-app-eth versions prior to 6.34.7 Description An integer parsing issue exists where incorrect hexadecimal field parsing occurs when values contain an odd number of characters. This allows attackers to manipulate EIP-712 typed data...

jq 输入验证错误漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier have a vulnerability related to input validation errors. This vulnerability arises when decNumberFromString receives an integer with exactly INTMAX-1 digits. During signed integer...

Linux Distros Unpatched Vulnerability : CVE-2026-43894

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INTMAX-1 2147483646 digits, the D2U macro...

Security Bulletin: UltraJSON Memory Leak in Large Integer Parsing Enables Denial of Service

Summary UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large outside of the range -2^63, 2^64 - 1 integers. The leaked memory is a copy of the string form of the intege...

Astra Linux – Vulnerability in Python 3.7

A flaw was discovered in Python. In algorithms with quadratic time complexity that use non-binary bases, when using int“text”, a system may take 50 milliseconds to parse an int string with 100,000 digits, and 5 seconds for strings with 1,000,000 digits. Functions like float, decimal, int.frombyte...

Astra Linux – Vulnerability in glibc

The wordexp function in the GNU C Library also known as glibc, up to version 2.33, may crash or access arbitrary memory during the parseparam function located in posix/wordexp.c when called with an untrusted, crafted pattern. This could potentially lead to a denial of service or the disclosure of...

EulerOS Virtualization 2.13.0 : python3 (EulerOS-SA-2025-2595)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted...

EulerOS Virtualization 2.13.1 : python3 (EulerOS-SA-2025-2560)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted...

Siemens SIMATIC S7-1500 Incorrect Type Conversion or Cast (CVE-2020-10735)

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using inttext, a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16, and 32 are not...

EulerOS 2.0 SP13 : python3 (EulerOS-SA-2025-2276)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attacke...

EUVD-2020-3159

Malware in sbrugna...