Resource exhaustion in Ericmj Decimal

CVE-2026-32686

Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthenticated remote Denial of Service. The decimal library does not bound the exponent on parsed input. Storing a decimal with a very large exponent (e.g. Decimal…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.000 (8.8th percentile) — read the EPSS interpretation.

Affected products

Ericmj Decimal — versions 0.1.0, bc11f4a2b6fb61fc1360a0ab4e79141bba918841

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)