6 matches found
EEF-CVE-2026-58226 Unauthenticated denial-of-service via unbounded HPACK integer decoding in hpax
Summary Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets...
CVE-2026-58226
Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets...
CVE-2026-49762
The CVE affects Elixir’s standard library Version module (Version.parse/1, parse!/1, parse_requirement/1, match?/3, compare/2). A numeric component in version strings is converted to integers without bounds, enabling an attacker to cause CPU and memory exhaustion (DoS) by supplying a large all-di...
EEF-CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service
Summary Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components major, minor, patch and...
Elixir -- Denial of service via unbounded integer parsing in Version
PJUllrich reports: The Version module parses numeric version components without length limits. Untrusted input can trigger creation of arbitrary-precision integers, causing CPU and memory exhaustion...
Elixir -- Denial of service via unbounded integer parsing in Version
PJUllrich reports: The Version module parses numeric version components without length limits. Untrusted input can trigger creation of arbitrary-precision integers, causing CPU and memory exhaustion...