EEF-CVE-2026-49760
- Source
- https://cna.erlef.org/osv/EEF-CVE-2026-49760.html
- Import Source
- https://cna.erlef.org/osv/EEF-CVE-2026-49760.json
- JSON Data
- https://api.osv.dev/v1/vulns/EEF-CVE-2026-49760
- Aliases
-
- CVE-2026-49760
- GHSA-xcxj-5pg2-v72j
- Published
- 2026-06-10T14:35:36.804Z
- Modified
- 2026-06-10T15:11:29.370469367Z
- Severity
-
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Stack Buffer Overflow in ei_s_print_term at Very Large Integer
- Details
-
Summary
Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow.
This vulnerability is associated with program file lib/erl_interface/src/misc/ei_printterm.c and program routine ei_s_print_term.
The C function ei_s_print_term uses an internal 2000-character stack buffer to format terms. When called with an encoded Erlang term containing a very large integer (encoded representation exceeding 2000 characters), the buffer overflows. The overflow bytes are restricted to the ASCII values of 0-9 and A-F, which limits exploitation to Denial of Service.
The companion function ei_print_term, which prints directly to a FILE instead of a memory buffer, does not contain this bug.
This issue affects OTP from OTP 17.0 before 27.3.4.13, 28.5.0.2 and 29.0.2, corresponding to erl_interface from 3.7.16 before 5.5.2.1, 5.7.0.1 and 5.8.1.
Workaround
Avoid calling ei_s_print_term with untrusted data whose encoded integer representation could exceed 2000 characters.
- Database specific
{ "cpe_ids": [ "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*" ], "capec_ids": [ "CAPEC-8" ], "cwe_ids": [ "CWE-121" ] }- References
- Credits
-
-
- Jonatan Männchen / EEF - FINDER
-
- Sverker Eriksson - REMEDIATION_DEVELOPER
-