CVE-2026-49760
Published:June 10, 2026
Updated:June 28, 2026
Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow.
This vulnerability is associated with program file lib/erl_interface/src/misc/ei_printterm.c and program routine ei_s_print_term.
The C function ei_s_print_term uses an internal 2000-character stack buffer to format terms. When called with an encoded Erlang term containing a very large integer (encoded representation exceeding 2000 characters), the buffer overflows. The overflow bytes are restricted to the ASCII values of 0-9 and A-F, which limits exploitation to Denial of Service.
The companion function ei_print_term, which prints directly to a FILE instead of a memory buffer, does not contain this bug.
This issue affects OTP from OTP 17.0 before 27.3.4.13, 28.5.0.2 and 29.0.2, corresponding to erl_interface from 3.7.16 before 5.5.2.1, 5.7.0.1 and 5.8.1.
Affected Packages
https://github.com/erlang/otp.git (GITHUB):
Affected version(s) >=OTP-29.0 <OTP-29.0.2Fix Suggestion:
Update to version OTP-29.0.2https://github.com/erlang/otp.git (GITHUB):
Affected version(s) >=OTP-28.0 <OTP-28.5.0.2Fix Suggestion:
Update to version OTP-28.5.0.2https://github.com/erlang/otp.git (GITHUB):
Affected version(s) >=OTP-17.0 <OTP-27.3.4.13Fix Suggestion:
Update to version OTP-27.3.4.13Related Resources (5)
Do you need more information?
Contact UsCVSS v4
Base Score:
6.9
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.2
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
Stack-based Buffer Overflow
EPSS
Base Score:
0.14