PT-2026-48469 · Unknown · Erlang/Otp+1

Sverker Eriksson · Published 2026-06-10 · Updated 2026-06-10 · CVE-2026-49760

CVSS v4.0: 6.9 (Medium)

Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions

Erlang OTP versions 17.0 through 27.3.4.12
Erlang OTP versions 28.x prior to 28.5.0.2
Erlang OTP versions 29.x prior to 29.0.2
erl_interface versions 3.7.16 through 5.5.2.0
erl_interface versions 5.7.x prior to 5.7.0.1
erl_interface versions 5.8.x prior to 5.8.1
Description

A stack-based buffer overflow occurs in the ei_s_print_term() function in lib/erl_interface/src/misc/ei_printterm.c. The function formats terms into an internal 2000-character stack buffer. When an encoded Erlang term contains a very large integer whose printed representation exceeds 2000 characters, the buffer overflows. Because the bytes written past the buffer are limited to the ASCII characters 0-9 and A-F, the impact is restricted to denial of service. The ei_print_term() function is not affected, as it prints directly to a FILE stream rather than into a memory buffer.
Recommendations

Update Erlang OTP to version 27.3.4.13, 28.5.0.2, or 29.0.2. Update erl_interface to version 5.5.2.1, 5.7.0.1, or 5.8.1. As a temporary workaround, avoid calling the ei_s_print_term() function with untrusted data whose encoded integer representation could exceed 2000 characters.
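As an added example (not code from this advisory or from Erlang/OTP), a pre-check that implements the interim workaround: a conservative walker over the external term format that refuses any term containing a SMALL_BIG_EXT or LARGE_BIG_EXT whose magnitude exceeds a policy limit, so untrusted input never reaches ei_s_print_term() with an oversized integer. The function names, the 500-byte limit and the two-hex-characters-per-byte estimate are assumptions; tags the walker does not know are refused rather than passed through.

```c
#include <stdint.h>
#include <string.h>
/* Policy (assumption): refuse bignums with more than MAX_BIG_BYTES magnitude bytes. If each
 * byte prints as two hex characters (the 0-9/A-F bytes the advisory names), 500 bytes is at
 * most 1000 digits, leaving ample room in the 2000-character buffer. */
#define MAX_BIG_BYTES 500
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
/* Decode one term at *pos; 0 on truncation, an unknown tag (printed size cannot be
 * bounded, so refuse), or a big integer above MAX_BIG_BYTES. */
static int walk(const unsigned char *b, size_t len, size_t *pos) {
    size_t n, i;
    if (*pos >= len) return 0;
    switch (b[(*pos)++]) {
    case 97:  *pos += 1; break;                           /* SMALL_INTEGER_EXT */
    case 98:  *pos += 4; break;                           /* INTEGER_EXT */
    case 106: break;                                      /* NIL_EXT (list tail) */
    case 119: if (*pos >= len) return 0;                  /* SMALL_ATOM_UTF8_EXT */
              *pos += 1 + b[*pos]; break;
    case 110: if (*pos >= len) return 0;                  /* SMALL_BIG_EXT: n, sign, n bytes */
              n = b[*pos]; *pos += 2 + n; if (n > MAX_BIG_BYTES) return 0; break;
    case 111: if (*pos + 4 > len) return 0;               /* LARGE_BIG_EXT: n(4), sign, n bytes */
              n = be32(b + *pos); *pos += 5 + n; if (n > MAX_BIG_BYTES) return 0; break;
    case 104: if (*pos >= len) return 0;                  /* SMALL_TUPLE_EXT */
              for (n = b[(*pos)++], i = 0; i < n; i++) if (!walk(b, len, pos)) return 0;
              break;
    case 108: if (*pos + 4 > len) return 0;               /* LIST_EXT: n elements, then tail */
              n = be32(b + *pos); *pos += 4;
              for (i = 0; i < n; i++) if (!walk(b, len, pos)) return 0;
              return walk(b, len, pos);
    default:  return 0;
    }
    return *pos <= len;
}
/* 1 if buf is one complete version-131 term this walker can bound, else 0. */
int term_safe_to_print(const unsigned char *buf, size_t len) {
    size_t pos = 1;
    return len > 1 && buf[0] == 131 && walk(buf, len, &pos) && pos == len;
}
/* Constructed samples: {ok, 255}, and a LARGE_BIG_EXT with 1500 magnitude bytes. */
int demo_small_tuple(void) {
    static const unsigned char t[] = {131, 104, 2, 119, 2, 'o', 'k', 97, 255};
    return term_safe_to_print(t, sizeof t);
}
int demo_oversized_bignum(void) {
    static unsigned char t[7 + 1500] = {131, 111, 0, 0, 0x05, 0xdc, 0};  /* n = 0x05dc = 1500 */
    memset(t + 7, 0xff, 1500);
    return term_safe_to_print(t, sizeof t);
}
```

Call term_safe_to_print() on the raw encoded buffer before handing it to ei_s_print_term(); a 0 result means log and drop the term rather than print it.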

Weakness Enumeration

Stack Overflow

Related Identifiers

CVE-2026-49760
GHSA-XCXJ-5PG2-V72J

Affected Products

Erlang/Otp
Erl Interface