CVE-2026-56810 (GCVE-0-2026-56810)

Vulnerability from cvelistv5 – Published: 2026-07-06 09:17 – Updated: 2026-07-06 15:53
VLAI
Title
mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5
Summary
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint (Mint.HTTP1 module) allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines 'Elixir.Mint.HTTP1':decode_body/5, 'Elixir.Mint.HTTP1':add_body_to_buffer/2. When Mint decodes a chunked HTTP response body, it accumulates each partial fragment of the current chunk in the connection's data_buffer (an unbounded iolist) via add_body_to_buffer/2 and does not emit the data to the caller until the full declared chunk length has been received. The chunk size is taken directly from the server and parsed with no upper bound, so a malicious or compromised server can announce one enormous chunk (for example a size line of 7FFFFFFF, about 2 GiB) and then send the body bytes slowly without ever completing the chunk. The client buffers every received byte while it waits for a completion that never arrives, and because no data responses are produced until the chunk finishes, a caller that otherwise streams large content-length bodies safely gains no protection. An unauthenticated remote server (reachable whenever a client follows redirects, fetches user-supplied URLs, or processes webhooks) can drive the client's memory arbitrarily high and trigger an out-of-memory condition. This issue affects mint: from 0.5.0 before 1.9.1.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
EEF
Impacted products
Vendor Product Version
elixir-mint mint Affected: 0.5.0 , < 1.9.1 (semver)
    cpe:2.3:a:elixir-mint:mint:*:*:*:*:*:*:*:*
Create a notification for this product.
elixir-mint mint Affected: c575d819d39ebf7e9b77ec24584a5ffbb11c844e , < 193ce714907d16e8adc4ab3c40e4f0c2f045b2a6 (git)
    cpe:2.3:a:elixir-mint:mint:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Peter Ullrich Andrea Leopardi Jonatan Männchen / EEF Eric Meadows-Jönsson
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-56810",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-06T15:52:57.089606Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-06T15:53:00.170Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/elixir-mint/mint/security/advisories/GHSA-c59h-fq4p-r36r"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.hex.pm",
          "cpes": [
            "cpe:2.3:a:elixir-mint:mint:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "modules": [
            "\u0027Elixir.Mint.HTTP1\u0027"
          ],
          "packageName": "mint",
          "packageURL": "pkg:hex/mint",
          "product": "mint",
          "programFiles": [
            "lib/mint/http1.ex"
          ],
          "programRoutines": [
            {
              "name": "\u0027Elixir.Mint.HTTP1\u0027:decode_body/5"
            },
            {
              "name": "\u0027Elixir.Mint.HTTP1\u0027:add_body_to_buffer/2"
            }
          ],
          "repo": "https://github.com/elixir-mint/mint",
          "vendor": "elixir-mint",
          "versions": [
            {
              "lessThan": "1.9.1",
              "status": "affected",
              "version": "0.5.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://github.com",
          "cpes": [
            "cpe:2.3:a:elixir-mint:mint:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "modules": [
            "\u0027Elixir.Mint.HTTP1\u0027"
          ],
          "packageName": "elixir-mint/mint",
          "packageURL": "pkg:github/elixir-mint/mint",
          "product": "mint",
          "programFiles": [
            "lib/mint/http1.ex"
          ],
          "programRoutines": [
            {
              "name": "\u0027Elixir.Mint.HTTP1\u0027:decode_body/5"
            },
            {
              "name": "\u0027Elixir.Mint.HTTP1\u0027:add_body_to_buffer/2"
            }
          ],
          "repo": "https://github.com/elixir-mint/mint",
          "vendor": "elixir-mint",
          "versions": [
            {
              "lessThan": "193ce714907d16e8adc4ab3c40e4f0c2f045b2a6",
              "status": "affected",
              "version": "c575d819d39ebf7e9b77ec24584a5ffbb11c844e",
              "versionType": "git"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:elixir-mint:mint:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.9.1",
                  "versionStartIncluding": "0.5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "AND"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Peter Ullrich"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Andrea Leopardi"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Jonatan M\u00e4nnchen / EEF"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Eric Meadows-J\u00f6nsson"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAllocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint (\u003ctt\u003eMint.HTTP1\u003c/tt\u003e module) allows a denial of service via an oversized \u003ctt\u003echunked\u003c/tt\u003e transfer-encoded response.\u003c/p\u003e\u003cp\u003eThis vulnerability is associated with program files \u003ctt\u003elib/mint/http1.ex\u003c/tt\u003e and program routines \u003ctt\u003e\u0027Elixir.Mint.HTTP1\u0027:decode_body/5\u003c/tt\u003e, \u003ctt\u003e\u0027Elixir.Mint.HTTP1\u0027:add_body_to_buffer/2\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eWhen Mint decodes a \u003ctt\u003echunked\u003c/tt\u003e HTTP response body, it accumulates each partial fragment of the current chunk in the connection\u0027s \u003ctt\u003edata_buffer\u003c/tt\u003e (an unbounded iolist) via \u003ctt\u003eadd_body_to_buffer/2\u003c/tt\u003e and does not emit the data to the caller until the full declared chunk length has been received. The chunk size is taken directly from the server and parsed with no upper bound, so a malicious or compromised server can announce one enormous chunk (for example a size line of \u003ctt\u003e7FFFFFFF\u003c/tt\u003e, about 2 GiB) and then send the body bytes slowly without ever completing the chunk. The client buffers every received byte while it waits for a completion that never arrives, and because no data responses are produced until the chunk finishes, a caller that otherwise streams large \u003ctt\u003econtent-length\u003c/tt\u003e bodies safely gains no protection. An unauthenticated remote server (reachable whenever a client follows redirects, fetches user-supplied URLs, or processes webhooks) can drive the client\u0027s memory arbitrarily high and trigger an out-of-memory condition.\u003c/p\u003e\u003cp\u003eThis issue affects mint: from 0.5.0 before 1.9.1.\u003c/p\u003e"
            }
          ],
          "value": "Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint (Mint.HTTP1 module) allows a denial of service via an oversized chunked transfer-encoded response.\n\nThis vulnerability is associated with program files lib/mint/http1.ex and program routines \u0027Elixir.Mint.HTTP1\u0027:decode_body/5, \u0027Elixir.Mint.HTTP1\u0027:add_body_to_buffer/2.\n\nWhen Mint decodes a chunked HTTP response body, it accumulates each partial fragment of the current chunk in the connection\u0027s data_buffer (an unbounded iolist) via add_body_to_buffer/2 and does not emit the data to the caller until the full declared chunk length has been received. The chunk size is taken directly from the server and parsed with no upper bound, so a malicious or compromised server can announce one enormous chunk (for example a size line of 7FFFFFFF, about 2 GiB) and then send the body bytes slowly without ever completing the chunk. The client buffers every received byte while it waits for a completion that never arrives, and because no data responses are produced until the chunk finishes, a caller that otherwise streams large content-length bodies safely gains no protection. An unauthenticated remote server (reachable whenever a client follows redirects, fetches user-supplied URLs, or processes webhooks) can drive the client\u0027s memory arbitrarily high and trigger an out-of-memory condition.\n\nThis issue affects mint: from 0.5.0 before 1.9.1."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-06T09:17:17.429Z",
        "orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
        "shortName": "EEF"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "related"
          ],
          "url": "https://github.com/elixir-mint/mint/security/advisories/GHSA-c59h-fq4p-r36r"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://cna.erlef.org/cves/CVE-2026-56810.html"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://osv.dev/vulnerability/EEF-CVE-2026-56810"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/elixir-mint/mint/commit/193ce714907d16e8adc4ab3c40e4f0c2f045b2a6"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
    "assignerShortName": "EEF",
    "cveId": "CVE-2026-56810",
    "datePublished": "2026-07-06T09:17:17.429Z",
    "dateReserved": "2026-06-23T12:29:02.507Z",
    "dateUpdated": "2026-07-06T15:53:00.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-56810\",\"sourceIdentifier\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"published\":\"2026-07-06T11:16:30.983\",\"lastModified\":\"2026-07-06T19:37:48.003\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint (Mint.HTTP1 module) allows a denial of service via an oversized chunked transfer-encoded response.\\n\\nThis vulnerability is associated with program files lib/mint/http1.ex and program routines \u0027Elixir.Mint.HTTP1\u0027:decode_body/5, \u0027Elixir.Mint.HTTP1\u0027:add_body_to_buffer/2.\\n\\nWhen Mint decodes a chunked HTTP response body, it accumulates each partial fragment of the current chunk in the connection\u0027s data_buffer (an unbounded iolist) via add_body_to_buffer/2 and does not emit the data to the caller until the full declared chunk length has been received. The chunk size is taken directly from the server and parsed with no upper bound, so a malicious or compromised server can announce one enormous chunk (for example a size line of 7FFFFFFF, about 2 GiB) and then send the body bytes slowly without ever completing the chunk. The client buffers every received byte while it waits for a completion that never arrives, and because no data responses are produced until the chunk finishes, a caller that otherwise streams large content-length bodies safely gains no protection. An unauthenticated remote server (reachable whenever a client follows redirects, fetches user-supplied URLs, or processes webhooks) can drive the client\u0027s memory arbitrarily high and trigger an out-of-memory condition.\\n\\nThis issue affects mint: from 0.5.0 before 1.9.1.\"}],\"affected\":[{\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"affectedData\":[{\"vendor\":\"elixir-mint\",\"product\":\"mint\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://repo.hex.pm\",\"packageName\":\"mint\",\"cpes\":[\"cpe:2.3:a:elixir-mint:mint:*:*:*:*:*:*:*:*\"],\"modules\":[\"\u0027Elixir.Mint.HTTP1\u0027\"],\"programFiles\":[\"lib/mint/http1.ex\"],\"programRoutines\":[{\"name\":\"\u0027Elixir.Mint.HTTP1\u0027:decode_body/5\"},{\"name\":\"\u0027Elixir.Mint.HTTP1\u0027:add_body_to_buffer/2\"}],\"repo\":\"https://github.com/elixir-mint/mint\",\"packageURL\":\"pkg:hex/mint\",\"versions\":[{\"version\":\"0.5.0\",\"lessThan\":\"1.9.1\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"elixir-mint\",\"product\":\"mint\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://github.com\",\"packageName\":\"elixir-mint/mint\",\"cpes\":[\"cpe:2.3:a:elixir-mint:mint:*:*:*:*:*:*:*:*\"],\"modules\":[\"\u0027Elixir.Mint.HTTP1\u0027\"],\"programFiles\":[\"lib/mint/http1.ex\"],\"programRoutines\":[{\"name\":\"\u0027Elixir.Mint.HTTP1\u0027:decode_body/5\"},{\"name\":\"\u0027Elixir.Mint.HTTP1\u0027:add_body_to_buffer/2\"}],\"repo\":\"https://github.com/elixir-mint/mint\",\"packageURL\":\"pkg:github/elixir-mint/mint\",\"versions\":[{\"version\":\"c575d819d39ebf7e9b77ec24584a5ffbb11c844e\",\"lessThan\":\"193ce714907d16e8adc4ab3c40e4f0c2f045b2a6\",\"versionType\":\"git\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-06T15:52:57.089606Z\",\"id\":\"CVE-2026-56810\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"references\":[{\"url\":\"https://cna.erlef.org/cves/CVE-2026-56810.html\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://github.com/elixir-mint/mint/commit/193ce714907d16e8adc4ab3c40e4f0c2f045b2a6\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://github.com/elixir-mint/mint/security/advisories/GHSA-c59h-fq4p-r36r\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://osv.dev/vulnerability/EEF-CVE-2026-56810\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://github.com/elixir-mint/mint/security/advisories/GHSA-c59h-fq4p-r36r\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-56810\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-06T15:52:57.089606Z\"}}}], \"references\": [{\"url\": \"https://github.com/elixir-mint/mint/security/advisories/GHSA-c59h-fq4p-r36r\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-07-06T15:52:34.290Z\"}}], \"cna\": {\"title\": \"mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Peter Ullrich\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Andrea Leopardi\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"value\": \"Jonatan M\\u00e4nnchen / EEF\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"value\": \"Eric Meadows-J\\u00f6nsson\"}], \"impacts\": [{\"capecId\": \"CAPEC-130\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-130 Excessive Allocation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:elixir-mint:mint:*:*:*:*:*:*:*:*\"], \"repo\": \"https://github.com/elixir-mint/mint\", \"vendor\": \"elixir-mint\", \"modules\": [\"\u0027Elixir.Mint.HTTP1\u0027\"], \"product\": \"mint\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.5.0\", \"lessThan\": \"1.9.1\", \"versionType\": \"semver\"}], \"packageURL\": \"pkg:hex/mint\", \"packageName\": \"mint\", \"programFiles\": [\"lib/mint/http1.ex\"], \"collectionURL\": \"https://repo.hex.pm\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"\u0027Elixir.Mint.HTTP1\u0027:decode_body/5\"}, {\"name\": \"\u0027Elixir.Mint.HTTP1\u0027:add_body_to_buffer/2\"}]}, {\"cpes\": [\"cpe:2.3:a:elixir-mint:mint:*:*:*:*:*:*:*:*\"], \"repo\": \"https://github.com/elixir-mint/mint\", \"vendor\": \"elixir-mint\", \"modules\": [\"\u0027Elixir.Mint.HTTP1\u0027\"], \"product\": \"mint\", \"versions\": [{\"status\": \"affected\", \"version\": \"c575d819d39ebf7e9b77ec24584a5ffbb11c844e\", \"lessThan\": \"193ce714907d16e8adc4ab3c40e4f0c2f045b2a6\", \"versionType\": \"git\"}], \"packageURL\": \"pkg:github/elixir-mint/mint\", \"packageName\": \"elixir-mint/mint\", \"programFiles\": [\"lib/mint/http1.ex\"], \"collectionURL\": \"https://github.com\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"\u0027Elixir.Mint.HTTP1\u0027:decode_body/5\"}, {\"name\": \"\u0027Elixir.Mint.HTTP1\u0027:add_body_to_buffer/2\"}]}], \"references\": [{\"url\": \"https://github.com/elixir-mint/mint/security/advisories/GHSA-c59h-fq4p-r36r\", \"tags\": [\"vendor-advisory\", \"related\"]}, {\"url\": \"https://cna.erlef.org/cves/CVE-2026-56810.html\", \"tags\": [\"related\"]}, {\"url\": \"https://osv.dev/vulnerability/EEF-CVE-2026-56810\", \"tags\": [\"related\"]}, {\"url\": \"https://github.com/elixir-mint/mint/commit/193ce714907d16e8adc4ab3c40e4f0c2f045b2a6\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint (Mint.HTTP1 module) allows a denial of service via an oversized chunked transfer-encoded response.\\n\\nThis vulnerability is associated with program files lib/mint/http1.ex and program routines \u0027Elixir.Mint.HTTP1\u0027:decode_body/5, \u0027Elixir.Mint.HTTP1\u0027:add_body_to_buffer/2.\\n\\nWhen Mint decodes a chunked HTTP response body, it accumulates each partial fragment of the current chunk in the connection\u0027s data_buffer (an unbounded iolist) via add_body_to_buffer/2 and does not emit the data to the caller until the full declared chunk length has been received. The chunk size is taken directly from the server and parsed with no upper bound, so a malicious or compromised server can announce one enormous chunk (for example a size line of 7FFFFFFF, about 2 GiB) and then send the body bytes slowly without ever completing the chunk. The client buffers every received byte while it waits for a completion that never arrives, and because no data responses are produced until the chunk finishes, a caller that otherwise streams large content-length bodies safely gains no protection. An unauthenticated remote server (reachable whenever a client follows redirects, fetches user-supplied URLs, or processes webhooks) can drive the client\u0027s memory arbitrarily high and trigger an out-of-memory condition.\\n\\nThis issue affects mint: from 0.5.0 before 1.9.1.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eAllocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint (\u003ctt\u003eMint.HTTP1\u003c/tt\u003e module) allows a denial of service via an oversized \u003ctt\u003echunked\u003c/tt\u003e transfer-encoded response.\u003c/p\u003e\u003cp\u003eThis vulnerability is associated with program files \u003ctt\u003elib/mint/http1.ex\u003c/tt\u003e and program routines \u003ctt\u003e\u0027Elixir.Mint.HTTP1\u0027:decode_body/5\u003c/tt\u003e, \u003ctt\u003e\u0027Elixir.Mint.HTTP1\u0027:add_body_to_buffer/2\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eWhen Mint decodes a \u003ctt\u003echunked\u003c/tt\u003e HTTP response body, it accumulates each partial fragment of the current chunk in the connection\u0027s \u003ctt\u003edata_buffer\u003c/tt\u003e (an unbounded iolist) via \u003ctt\u003eadd_body_to_buffer/2\u003c/tt\u003e and does not emit the data to the caller until the full declared chunk length has been received. The chunk size is taken directly from the server and parsed with no upper bound, so a malicious or compromised server can announce one enormous chunk (for example a size line of \u003ctt\u003e7FFFFFFF\u003c/tt\u003e, about 2 GiB) and then send the body bytes slowly without ever completing the chunk. The client buffers every received byte while it waits for a completion that never arrives, and because no data responses are produced until the chunk finishes, a caller that otherwise streams large \u003ctt\u003econtent-length\u003c/tt\u003e bodies safely gains no protection. An unauthenticated remote server (reachable whenever a client follows redirects, fetches user-supplied URLs, or processes webhooks) can drive the client\u0027s memory arbitrarily high and trigger an out-of-memory condition.\u003c/p\u003e\u003cp\u003eThis issue affects mint: from 0.5.0 before 1.9.1.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:elixir-mint:mint:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"1.9.1\", \"versionStartIncluding\": \"0.5.0\"}], \"operator\": \"OR\"}], \"operator\": \"AND\"}], \"providerMetadata\": {\"orgId\": \"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\", \"shortName\": \"EEF\", \"dateUpdated\": \"2026-07-06T09:17:17.429Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-56810\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-06T15:53:00.170Z\", \"dateReserved\": \"2026-06-23T12:29:02.507Z\", \"assignerOrgId\": \"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\", \"datePublished\": \"2026-07-06T09:17:17.429Z\", \"assignerShortName\": \"EEF\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…