The Erlang Ecosystem Foundation reveals that 35.8% of their CVEs stem from atom exhaustion vulnerabilities, a critical Denial-of-Service (DoS) issue in BEAM languages. The problem arises when atoms are dynamically created from untrusted input, filling the global atom table and crashing the VM. The article provides concrete examples of dangerous patterns in both Erlang and Elixir, along with safer alternatives like using lookup tables or existing-atom variants.
Background
Atoms in BEAM languages (Erlang/Elixir) are immutable constants stored in a global table that is not garbage collected, making them a finite resource. When new atoms are created from untrusted input, it can lead to atom exhaustion, causing the entire VM to crash.
- Source
- Lobsters
- Published
- May 28, 2026 at 12:48 AM
- Score
- 7.0 / 10