FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Elixir -- Denial of service via unbounded integer parsing in Version

Affected packages
1.5.0 <= elixir <= 1.19.5

Details

VuXML ID 45accfb8-56e4-41b7-8463-572ce643fde0
Discovery 2026-06-09
Entry 2026-06-09

PJUllrich reports:

The Version module parses numeric version components without length limits. Untrusted input can trigger creation of arbitrary-precision integers, causing CPU and memory exhaustion.

[source]

References

CVE Name CVE-2026-49762
URL https://github.com/elixir-lang/elixir/security/advisories/GHSA-w2h8-8x3g-278p

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.