Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-49759
PUBLISHED
More InfoOfficial Page
Assigner-EEF
Assigner Org ID-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
View Known Exploited Vulnerability (KEV) details
Published At-10 Jun, 2026 | 14:35
Updated At-01 Jul, 2026 | 04:45
Rejected At-
▼CVE Numbering Authority (CNA)
Stack buffer overflow in SCTP error cause parsing in inet_drv allows remote VM crash

Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctp_parse_error_chunk function in erts/emulator/drivers/common/inet_drv.c parses SCTP ERROR chunks and writes cause codes into a fixed-size stack-allocated ErlDrvTermData spec[] array without checking bounds. A remote attacker who has established an SCTP association to a listening port can send a single crafted SCTP ERROR chunk containing enough cause codes to overflow the stack buffer, crashing the VM. The attacker can only write 16-bit values interleaved with a fixed tag, so the overflow does not provide a controlled return address, limiting exploitation to Denial of Service. A crafted SCTP ERROR chunk may also leak bits and pieces of Erlang VM memory into the received error packet observed by the Erlang process. Such data is already readable by the user running the Erlang VM, so the disclosure scope is limited. This issue affects OTP from OTP 17.0 before 27.3.4.13, 28.5.0.2 and 29.0.2, corresponding to erts from 6.0 before 15.2.7.9, 16.4.0.2 and 17.0.2.

Affected Products
Vendor
Erlang
Product
OTP
Package Name
erts
Repo
https://github.com/erlang/otp
CPEs
  • cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Modules
  • inet_drv
Program Files
  • emulator/drivers/common/inet_drv.c
Program Routines
  • sctp_parse_error_chunk
Default Status
unknown
Versions
Affected
  • From 6.0 before * (otp)
    • -> unaffectedfrom15.2.7.9
    • -> unaffectedfrom16.4.0.2
    • -> unaffectedfrom17.0.2
Vendor
Erlang
Product
OTP
Collection URL
https://github.com
Package Name
erlang/otp
Repo
https://github.com/erlang/otp
CPEs
  • cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Modules
  • inet_drv
Program Files
  • erts/emulator/drivers/common/inet_drv.c
Program Routines
  • sctp_parse_error_chunk
Default Status
unknown
Versions
Affected
  • From 17.0 before * (otp)
    • -> unaffectedfrom27.3.4.13
    • -> unaffectedfrom28.5.0.2
    • -> unaffectedfrom29.0.2
  • From 84adefa331c4159d432d22840663c38f155cd4c1 before 3983d495284331c121f600a80bac9fcf4e16381e (git)
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121 Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121 Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
4.08.8HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-100CAPEC-100 Overflow Buffers
CAPEC ID: CAPEC-100
Description: CAPEC-100 Overflow Buffers
Solutions

Configurations

SCTP support must be compiled into OTP. A listening SCTP socket must be opened via gen_sctp with the default inet backend and must be reachable from the attacker's network. Windows builds are unaffected as SCTP is not supported on Windows.

Workarounds

Exploits

Credits

finder
Zhang Delong
remediation developer
Raimo Niskanen
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/erlang/otp/security/advisories/GHSA-6f4f-chj5-5g97
vendor-advisory
related
https://cna.erlef.org/cves/CVE-2026-49759.html
related
https://osv.dev/vulnerability/EEF-CVE-2026-49759
related
https://www.erlang.org/doc/system/versions.html#order-of-versions
x_version-scheme
https://github.com/erlang/otp/commit/3983d495284331c121f600a80bac9fcf4e16381e
patch
Hyperlink: https://github.com/erlang/otp/security/advisories/GHSA-6f4f-chj5-5g97
Resource:
vendor-advisory
related
Hyperlink: https://cna.erlef.org/cves/CVE-2026-49759.html
Resource:
related
Hyperlink: https://osv.dev/vulnerability/EEF-CVE-2026-49759
Resource:
related
Hyperlink: https://www.erlang.org/doc/system/versions.html#order-of-versions
Resource:
x_version-scheme
Hyperlink: https://github.com/erlang/otp/commit/3983d495284331c121f600a80bac9fcf4e16381e
Resource:
patch
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. erlang: Erlang OTP: Denial of Service via crafted SCTP ERROR chunk

A flaw was found in Erlang OTP (Open Telecom Platform) erts, specifically within the `inet_drv` component. An unauthenticated remote attacker can exploit a stack-based buffer overflow vulnerability by sending a specially crafted Stream Control Transmission Protocol (SCTP) ERROR chunk. This can lead to a Denial of Service (DoS) by crashing the BEAM virtual machine. Additionally, this flaw may result in limited information disclosure by leaking small portions of Erlang VM memory.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 16.2
CPEs
  • cpe:/a:redhat:openstack:16.2
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 17.1
CPEs
  • cpe:/a:redhat:openstack:17.1
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 18.0
CPEs
  • cpe:/a:redhat:openstack:18.0
Default Status
unaffected
Problem Types
TypeCWE IDDescription
CWECWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Type: CWE
CWE ID: CWE-120
Description: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Metrics
VersionBase scoreBase severityVector
3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Reported to Red Hat.2026-06-10 16:01:51
Made public.2026-06-10 14:35:38
Event: Reported to Red Hat.
Date: 2026-06-10 16:01:51
Event: Made public.
Date: 2026-06-10 14:35:38
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-49759
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2487607
issue-tracking
x_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49759.json
x_sadp-csaf-vex
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-49759
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2487607
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49759.json
Resource:
x_sadp-csaf-vex
Details not found