Denial of Service Vulnerability in elixir-mint HTTP Module Affects Multiple Versions
CVE-2026-56810
What is CVE-2026-56810?
The elixir-mint library's Mint.HTTP1 module is prone to a denial of service vulnerability due to unbounded allocation of memory when processing oversized chunked transfer-encoded HTTP responses. An attacker can exploit this flaw by sending an improperly sized chunk response, causing the client to accumulate data in memory without ever completing, potentially leading to an out-of-memory condition. The problem arises from how the library decodes and buffers response data based on server-provided information, which can be manipulated by an unauthenticated remote server. This vulnerability affects versions of mint from 0.5.0 up to but not including 1.9.1.
Affected Version(s)
mint 0.5.0 < 1.9.1
mint c575d819d39ebf7e9b77ec24584a5ffbb11c844e < 193ce714907d16e8adc4ab3c40e4f0c2f045b2a6
References
CVSS V4
Timeline
Vulnerability published
Vulnerability Reserved
