Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow.
This vulnerability is associated with program file lib/erlinterface/src/misc/eiprintterm.c and program routine eisprint_term.
The C function eisprint_term uses an internal 2000-character stack buffer to format terms. When called with an encoded Erlang term containing a very large integer (encoded representation exceeding 2000 characters), the buffer overflows. The overflow bytes are restricted to the ASCII values of 0-9 and A-F, which limits exploitation to Denial of Service.
The companion function eiprintterm, which prints directly to a FILE instead of a memory buffer, does not contain this bug.
This issue affects OTP from OTP 17.0 before 27.3.4.13, 28.5.0.2 and 29.0.2, corresponding to erl_interface from 3.7.16 before 5.5.2.1, 5.7.0.1 and 5.8.1.
{
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "3.7.16"
},
{
"fixed": "*"
},
{
"introduced": "17.0"
},
{
"fixed": "*"
},
{
"introduced": "84adefa331c4159d432d22840663c38f155cd4c1"
},
{
"fixed": "0bef277b2d39dc8babb9ceb4f5d0a456f3007111"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/49xxx/CVE-2026-49760.json",
"cna_assigner": "EEF",
"cwe_ids": [
"CWE-121"
]
}{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "17.0"
},
{
"fixed": "27.3.4.13"
},
{
"introduced": "28.0"
},
{
"fixed": "28.5.0.2"
},
{
"introduced": "29.0"
},
{
"fixed": "29.0.2"
}
]
}