Home

Description

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handle_continuation/3 function in lib/mint/http2.ex accumulates the header-block fragment carried by each HTTP/2 CONTINUATION frame into a growing conn.headers_being_processed nesting, one level deeper per frame, and only releases it when a frame with the END_HEADERS flag arrives. The only guard on this accumulator is Mint.HTTP2.assert_header_block_within_max_size/2, which sums the byte size of the fragments received so far. Because a CONTINUATION frame is permitted by the protocol to carry a zero-length payload, an unbounded chain of zero-length CONTINUATION frames adds no bytes to the running total, never trips the size cap, and never emits END_HEADERS, yet each frame still nests the accumulator one level deeper. A malicious HTTP/2 server (reachable directly, via an attacker-controlled redirect, via SSRF, or via a man-in-the-middle) can open a stream by sending a HEADERS frame without END_HEADERS and then stream zero-length CONTINUATION frames indefinitely. Client memory grows one cons cell per frame received; sustained bandwidth from the peer drives the BEAM node running the Mint client to memory exhaustion and eventual out-of-memory termination. This issue affects mint: from 0.1.0 before 1.9.2.

PUBLISHED Reserved 2026-07-04 | Published 2026-07-14 | Updated 2026-07-14 | Assigner EEF




MEDIUM: 6.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-770 Allocation of Resources Without Limits or Throttling

Product status

Default status
unaffected

0.1.0 (semver) before 1.9.2
affected

Default status
unaffected

596ca4304504be68939c4929e0831557097962b8 (git) before 5779de1666344b32aefc4354184ea07f902f73ce
affected

Credits

zx (Jace) finder

Andrea Leopardi remediation developer

Eric Meadows-Jönsson remediation reviewer

Jonatan Männchen / EEF analyst

References

github.com/...t/mint/security/advisories/GHSA-8pf6-g464-h6h9 exploit

github.com/...t/mint/security/advisories/GHSA-8pf6-g464-h6h9 vendor-advisory related

cna.erlef.org/cves/CVE-2026-59246.html related

osv.dev/vulnerability/EEF-CVE-2026-59246 related

github.com/...ommit/5779de1666344b32aefc4354184ea07f902f73ce patch

cve.org (CVE-2026-59246)

nvd.nist.gov (CVE-2026-59246)

Download JSON