51 matches found
FreeBSD : Erlang/OTP -- stack overflow in ei_s_print_term for very large integer terms (d87de755-64d4-11f1-ab11-4c526214c986)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d87de755-64d4-11f1-ab11-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-xcxj-5pg2-v72j reports: Fixed a stack overflow i...
CVE-2026-49760
Stack-based Buffer Overflow vulnerability in Erlang OTP erlinterface allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erlinterface/src/misc/eiprintterm.c and program routine eisprintterm. The C function eisprintterm uses an internal 2000-character stack...
CVE-2026-49760 Stack Buffer Overflow in ei_s_print_term at Very Large Integer
Stack-based Buffer Overflow vulnerability in Erlang OTP erlinterface allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erlinterface/src/misc/eiprintterm.c and program routine eisprintterm. The C function eisprintterm uses an internal 2000-character stack...
EUVD-2026-36052
Stack-based Buffer Overflow vulnerability in Erlang OTP erlinterface allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erlinterface/src/misc/eiprintterm.c and program routine eisprintterm. The C function eisprintterm uses an internal 2000-character stack...
CVE-2026-49760 Stack Buffer Overflow in ei_s_print_term at Very Large Integer
Stack-based Buffer Overflow vulnerability in Erlang OTP erlinterface allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erlinterface/src/misc/eiprintterm.c and program routine eisprintterm. The C function eisprintterm uses an internal 2000-character stack...
CVE-2026-49760
CVE-2026-49760 is a stack-based buffer overflow in Erlang OTP’s erl_interface ei_s_print_term due to a 2000-character local buffer when formatting very large integers. An encoded term exceeding this size can overflow the buffer, with overflow bytes limited to ASCII 0-9 and A-F, restricting practi...
EEF-CVE-2026-49760 Stack Buffer Overflow in ei_s_print_term at Very Large Integer
Summary Stack-based Buffer Overflow vulnerability in Erlang OTP erl\interface allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erl\interface/src/misc/ei\printterm.c and program routine ei\s\print\term. The C function ei\s\print\term uses an internal...
PT-2026-48469
Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 27.3.4.12 Erlang OTP versions 28.x prior to 28.5.0.2 Erlang OTP versions 29.x prior to 29.0.2 erl interface versions 3.7.16 through 5.5.2.0 erl interface versions 5.7.x prior to 5.7.0.1 erl interface versions...
Erlang/OTP -- stack overflow in ei_s_print_term for very large integer terms
https://github.com/erlang/otp/security/advisories/GHSA-xcxj-5pg2-v72j reports: Fixed a stack overflow in eisprintterm in erlinterface for very large integer terms more than 2000 hexadecimal digits long...
Phpseclib needs guardrails on large binaryfield integers
Impact Anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc Patches https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f Workarounds No. References...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : UltraJSON vulnerabilities (USN-8219-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8219-1 advisory. Cameron Criswell discovered that UltraJSON contained a memory leak that would occur when parsing large integers. An...
USN-8219-1 ujson vulnerabilities
Cameron Criswell discovered that UltraJSON contained a memory leak that would occur when parsing large integers. An attacker could possibly use this issue to cause UltraJSON to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS...
USN-8219-1: UltraJSON vulnerabilities
Cameron Criswell discovered that UltraJSON contained a memory leak that would occur when parsing large integers. An attacker could possibly use this issue to cause UltraJSON to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS...
MGASA-2026-0073 Updated python-ujson packages fix security vulnerabilities
CVE-2026-32874 ujson 5.4.0 to 5.11.0 inclusive contains an accumulating memory leak in JSON parsing large outside of the range -2^63, 2^64 - 1 integers. ujson 5.4.0 to 5.11.0 has an integer overflow while handling a large indent which leads to a buffer overflow or infinite loop...
Updated python-ujson packages fix security vulnerabilities
CVE-2026-32874 ujson 5.4.0 to 5.11.0 inclusive contains an accumulating memory leak in JSON parsing large outside of the range -2^63, 2^64 - 1 integers. ujson 5.4.0 to 5.11.0 has an integer overflow while handling a large indent which leads to a buffer overflow or infinite loop...
CVE-2026-32874
A flaw was found in UltraJSON, a fast JSON encoder and decoder. A remote attacker can exploit this vulnerability by providing specially crafted JSON input that contains extremely large integers. When UltraJSON attempts to parse these inputs, it leads to an accumulating memory leak. This excessive...
CVE-2026-32874
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large outside of the range -2^63, 2^64 - 1 integers. The leaked memory is a copy of the string form of the integer plus a...
DEBIAN-CVE-2026-32874
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large outside of the range -2^63, 2^64 - 1 integers. The leaked memory is a copy of the string form of the integer plus a...
UBUNTU-CVE-2026-32874
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large outside of the range -2^63, 2^64 - 1 integers. The leaked memory is a copy of the string form of the integer plus a...
CVE-2026-32874
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large outside of the range -2^63, 2^64 - 1 integers. The leaked memory is a copy of the string form of the integer plus a...