CVE-2026-49759

Published: Giu 10, 2026 Last Modified: Giu 15, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,8

Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

HIGH 8,2

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: none

Availability: high

Description

AI Translation Available

Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk.

The sctp_parse_error_chunk function in erts/emulator/drivers/common/inet_drv.c parses SCTP ERROR chunks and writes cause codes into a fixed-size stack-allocated ErlDrvTermData spec[] array without checking bounds. A remote attacker who has established an SCTP association to a listening port can send a single crafted SCTP ERROR chunk containing enough cause codes to overflow the stack buffer, crashing the VM. The attacker can only write 16-bit values interleaved with a fixed tag, so the overflow does not provide a controlled return address, limiting exploitation to Denial of Service.

A crafted SCTP ERROR chunk may also leak bits and pieces of Erlang VM memory into the received error packet observed by the Erlang process. Such data is already readable by the user running the Erlang VM, so the disclosure scope is limited.

This issue affects OTP from OTP 17.0 before 27.3.4.13, 28.5.0.2 and 29.0.2, corresponding to erts from 6.0 before 15.2.7.9, 16.4.0.2 and 17.0.2.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0010

Percentile

0,3th

Updated

EPSS Score Trend (Last 6 Days)

121

Stack-based Buffer Overflow

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Integrity Confidentiality Access Control Other

Potential Impacts:

Modify Memory Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Execute Unauthorized Code Or Commands Bypass Protection Mechanism Other

Applicable Platforms

View Detailed Analysis


                  cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://cna.erlef.org/cves/CVE-2026-49759.html

https://github.com/erlang/otp/commit/3983d495284331c121f600…

https://github.com/erlang/otp/commit/3983d495284331c121f600a80bac9fcf4e16381e

https://github.com/erlang/otp/security/advisories/GHSA-6f4f…

https://github.com/erlang/otp/security/advisories/GHSA-6f4f-chj5-5g97

https://osv.dev/vulnerability/EEF-CVE-2026-49759

https://www.erlang.org/doc/system/versions.html#order-of-ve…

https://www.erlang.org/doc/system/versions.html#order-of-versions

CVE-2026-49759

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 6 Days)

Stack-based Buffer Overflow

Common Consequences

Applicable Platforms

Erts by Erlang

Product Information

Erts by Erlang

Product Information

Erlang\/Otp by Erlang

Product Information

Erlang\/Otp by Erlang

Product Information

Erts by Erlang

Product Information

Erlang\/Otp by Erlang

Product Information

Iscriviti alla newsletter