the erlang odbc module will also let you overwrite the heap if you aren't careful. it lets you specify a string size for query params and if you pass in a binary/list that is larger than the string size it will just corrupt the heap. if you are not validating client input this can be remotely exploitable. :/