Skip to main content

Decimal

1 CVEs product

Monthly

CVE-2026-32686 MEDIUM POC PATCH GHSA This Month

Uncontrolled resource consumption in ericmj decimal library (versions 0.1.0 before 3.0.0) allows remote denial of service via maliciously crafted decimal values with extremely large exponents. When applications parse user-supplied decimal input and subsequently perform arithmetic operations, string formatting, rounding, or comparison, the library allocates memory proportional to the exponent magnitude without bounds, exhausting available memory and crashing the BEAM virtual machine. A single malicious request is sufficient to trigger an out-of-memory crash.

Denial Of Service Decimal
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
EPSS 0% CVSS 6.9
MEDIUM POC PATCH This Month

Uncontrolled resource consumption in ericmj decimal library (versions 0.1.0 before 3.0.0) allows remote denial of service via maliciously crafted decimal values with extremely large exponents. When applications parse user-supplied decimal input and subsequently perform arithmetic operations, string formatting, rounding, or comparison, the library allocates memory proportional to the exponent magnitude without bounds, exhausting available memory and crashing the BEAM virtual machine. A single malicious request is sufficient to trigger an out-of-memory crash.

Denial Of Service Decimal
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy