DigiNews

Tech Watch by Johan Denoyer

Atom Exhaustion Is Not a Footgun. It's One Third of Our CVEs.

Quality: 8/10 Relevance: 9/10

Summary

Atom exhaustion is a denial-of-service vulnerability on the BEAM (the Erlang/Elixir virtual machine). Atoms are stored in a global atom table and are never garbage collected; when the table is full, the VM crashes. Creating atoms from user input, or from any non-finite set of values, can therefore lead to latent DoS and CVEs. The article outlines examples in Erlang and Elixir, and recommends avoiding runtime atom creation, using explicit lookup tables or the existing-atom variants of conversion functions, and enabling linters such as Credo to catch unsafe atom usage.
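
The pattern and the two recommended mitigations, as an added Elixir example (not code from the article; the module name, function names, accepted formats and sample inputs are assumptions made for illustration). It measures atom table growth for each variant using `:erlang.system_info(:atom_count)`.

```elixir
# Added example, not from the article. All names here are hypothetical.
defmodule AtomSafety do
  # Closed set of values the application accepts (assumed for illustration).
  @formats %{"json" => :json, "csv" => :csv, "xml" => :xml}

  # UNSAFE: every distinct input string becomes a permanent atom table entry.
  def parse_unsafe(input) when is_binary(input), do: String.to_atom(input)

  # SAFE, explicit lookup table: no atom is ever created from input, and only
  # values the application chose are accepted.
  def parse_lookup(input) when is_binary(input) do
    case Map.fetch(@formats, input) do
      {:ok, atom} -> {:ok, atom}
      :error -> {:error, :unknown_format}
    end
  end

  # SAFE, existing-atom variant: raises ArgumentError instead of creating an
  # atom. It accepts any atom already present in the VM, not only the
  # application's own, so it is looser than the lookup table.
  def parse_existing(input) when is_binary(input) do
    {:ok, String.to_existing_atom(input)}
  rescue
    ArgumentError -> {:error, :unknown_atom}
  end

  # Runs fun and returns how many atoms were added to the global table.
  def atom_growth(fun) do
    before = :erlang.system_info(:atom_count)
    fun.()
    :erlang.system_info(:atom_count) - before
  end
end

# Constructed sample input: 1,000 distinct strings standing in for untrusted
# request parameters. Building the strings does not create atoms.
inputs = for i <- 1..1_000, do: "untrusted_#{System.unique_integer([:positive])}_#{i}"

limit = :erlang.system_info(:atom_limit)
IO.puts("atom table limit: #{limit}")

for {label, fun} <- [
      {"lookup table", &AtomSafety.parse_lookup/1},
      {"to_existing_atom", &AtomSafety.parse_existing/1},
      {"to_atom (unsafe)", &AtomSafety.parse_unsafe/1}
    ] do
  grown = AtomSafety.atom_growth(fn -> Enum.each(inputs, fun) end)
  IO.puts("#{label}: atom table grew by #{grown}")
end
```

Run it with `elixir` as a script; the growth reported for the unsafe variant tracks the number of distinct inputs, which is what lets unbounded input eventually fill the table.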

🚀 Service built by Johan Denoyer