CVE-2026-43894: Decnumberfromstring Unbounded Length
Calling `decNumberFromString` with a string whose length is not bounded can trigger an integer overflow in the underlying decNumber library when it parses an extremely long numeric literal, which can in turn lead to out-of-bounds memory writes. Validate the string length against a fixed maximum before passing it to the parser.
Provally Curated · Public repository · High · Medium confidence · Verified · Apache-2.0 · C · β

greprules fetch cve-2026-43894-decnumberfromstring-unbounded-length --engine opengrep
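The length gate the rule asks for, as an added example that is not the curated rule's own code nor part of decNumber: the parser is injected through a function pointer with the same shape as `decNumberFromString` so the file builds and runs without decNumber.h, the 64-byte cap and the 200-digit input are constructed assumptions, and `recording_parser` is a stand-in that only counts whether the gate let a string through. In a real build you would include decNumber.h and pass `decNumberFromString` as the parser.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Application-chosen cap on a numeric literal taken from untrusted input.
   This value is an assumption for the example, not a figure from the advisory;
   size it to the precision the calling code actually needs. */
#define MAX_NUMERIC_LITERAL_LEN 64

/* Bounded length scan: never reads more than cap bytes, so an over-long or
   unterminated buffer is not walked to its end the way strlen() would. */
static size_t bounded_len(const char *s, size_t cap) {
    size_t n = 0;
    while (n < cap && s[n] != '\0') n++;
    return n;
}

/* Returns the literal's length if it is 1..max_len, otherwise -1. Scanning
   max_len+1 bytes is what distinguishes "exactly max_len" from "longer". */
int checked_literal_len(const char *s, size_t max_len) {
    if (s == NULL) return -1;
    size_t n = bounded_len(s, max_len + 1);
    if (n == 0 || n > max_len) return -1;
    return (int)n;
}

/* Shape of the parser being gated. decNumber declares
   decNumber *decNumberFromString(decNumber *, const char *, decContext *);
   it is typed on void * here so this file compiles without decNumber.h. */
typedef void *(*literal_parser_fn)(void *out, const char *s, void *ctx);

/* Hardened call site: the string reaches the parser only after its length
   has been checked. The pattern the rule flags is the bare
   parser(out, s, ctx) on input whose length was never bounded. */
void *parse_literal_bounded(void *out, const char *s, void *ctx,
                            literal_parser_fn parser) {
    if (checked_literal_len(s, MAX_NUMERIC_LITERAL_LEN) < 0) {
        return NULL;  /* reject; the caller treats NULL as a parse failure */
    }
    return parser(out, s, ctx);
}

/* Stand-in for decNumberFromString, used only so the example runs without
   the library: it records whether the gate let the string through. */
static int parser_calls = 0;
static void *recording_parser(void *out, const char *s, void *ctx) {
    (void)s; (void)ctx;
    parser_calls++;
    return out;
}

/* Runs the gate over one well-formed literal and one constructed 200-digit
   literal. Returns 1 when the short one is parsed, the long one is rejected
   and the parser ran exactly once; otherwise 0. */
int demo_gate(void) {
    char sink;                        /* placeholder for a decNumber output */
    char long_literal[201];
    memset(long_literal, '9', 200);   /* constructed attacker-style input */
    long_literal[200] = '\0';

    parser_calls = 0;
    void *ok  = parse_literal_bounded(&sink, "123.456E-7", NULL, recording_parser);
    void *bad = parse_literal_bounded(&sink, long_literal, NULL, recording_parser);
    return (ok == &sink && bad == NULL && parser_calls == 1) ? 1 : 0;
}

int main(void) {
    printf("length gate holds: %s\n", demo_gate() ? "yes" : "no");
    return 0;
}
```

The check is deliberately done with a capped scan rather than `strlen`, because the same untrusted buffer that can be extremely long can also be unterminated; and the bound is enforced on exactly the pointer handed to the parser, so there is no gap between what was measured and what is parsed.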