FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Elixir -- Denial of service via unbounded integer parsing in Version

Affected packages
1.5.0 <= elixir-devel < 1.20.1

Details

VuXML ID f778ad20-0d5f-49c4-af45-4493ff0696d9
Discovery 2026-06-09
Entry 2026-06-09

PJUllrich reports:

The Version module parses numeric version components without length limits. Untrusted input can trigger creation of arbitrary-precision integers, causing CPU and memory exhaustion.
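An input guard for the issue described in the report, shown as an added example that is not part of the advisory or of Elixir itself: it bounds the input before `Version.parse/1` sees it, for code that must accept version strings from untrusted sources while still on a release in the affected range. The module name `SafeVersion`, both limits and the error atoms are assumptions made for illustration.

```elixir
defmodule SafeVersion do
  @moduledoc """
  Added example: length guard in front of Version.parse/1 for untrusted input.
  Module name, limits and error atoms are hypothetical, not taken from the advisory.
  """

  # Assumed limits: 18 decimal digits still fit in a signed 64-bit integer.
  @max_total_bytes 256
  @max_digit_run 18

  @doc """
  Returns {:ok, %Version{}} or {:error, reason}. Oversized input is rejected
  before any numeric component is converted to an integer.
  """
  def parse(input) when is_binary(input) do
    cond do
      byte_size(input) > @max_total_bytes ->
        {:error, :too_long}

      longest_digit_run(input, 0, 0) > @max_digit_run ->
        {:error, :numeric_component_too_long}

      true ->
        case Version.parse(input) do
          {:ok, version} -> {:ok, version}
          :error -> {:error, :invalid}
        end
    end
  end

  def parse(_other), do: {:error, :not_a_binary}

  # Single pass over the bytes, tracking the longest run of ASCII digits.
  # Conservative: it also counts digit runs in pre-release and build parts.
  defp longest_digit_run(<<c, rest::binary>>, current, best) when c in ?0..?9 do
    longest_digit_run(rest, current + 1, max(best, current + 1))
  end

  defp longest_digit_run(<<_c, rest::binary>>, _current, best) do
    longest_digit_run(rest, 0, best)
  end

  defp longest_digit_run(<<>>, _current, best), do: best
end

# Constructed sample inputs: one ordinary version, one with a 64-digit component.
IO.inspect(SafeVersion.parse("1.19.0-rc.1"))
IO.inspect(SafeVersion.parse("1." <> String.duplicate("9", 64) <> ".0"))
```

The total-size check runs first, so the digit scan itself never walks more than 256 bytes.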

References

CVE Name CVE-2026-49762
URL https://github.com/elixir-lang/elixir/security/advisories/GHSA-w2h8-8x3g-278p