Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cowhttpte module) allows Excessive Allocation. The chunked transfer-encoding parser in cowhttpte accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication (Len * 16 + digit), so parsing N hex digits requires O(N²) CPU work and O(N) memory. Additionally, when input is drip-fed, the parser discards the accumulated length on each partial read and restarts from zero on resumption, raising the cost to O(N³). An unauthenticated remote attacker can exploit this by sending an HTTP/1.1 request with Transfer-Encoding: chunked and a very long chunk-size hex string to cause denial of service through CPU exhaustion and memory amplification. This vulnerability is associated with program file src/cowhttpte.erl and program routines cowhttpte:streamchunked/2, cowhttpte:chunkedlen/4. This issue affects cowlib: from 0.6.0 before 2.16.1.