Skip to content

Commit 15ca792

Browse files
advisory-database[bot]advisory-database[bot]
committed
1 parent caae1cc commit 15ca792

1 file changed

Lines changed: 34 additions & 5 deletions

File tree

advisories/unreviewed/2026/02/GHSA-378v-28hj-76wf/GHSA-378v-28hj-76wf.json renamed to advisories/github-reviewed/2026/02/GHSA-378v-28hj-76wf/GHSA-378v-28hj-76wf.json

Lines changed: 34 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,12 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-378v-28hj-76wf",
4-
"modified": "2026-02-20T06:30:39Z",
4+
"modified": "2026-02-20T21:18:31Z",
55
"published": "2026-02-20T06:30:39Z",
66
"aliases": [
77
"CVE-2026-2739"
88
],
9+
"summary": "bn.js affected by an infinite loop",
910
"details": "This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.",
1011
"severity": [
1112
{
@@ -14,10 +15,30 @@
1415
},
1516
{
1617
"type": "CVSS_V4",
17-
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
19+
}
20+
],
21+
"affected": [
22+
{
23+
"package": {
24+
"ecosystem": "npm",
25+
"name": "bn.js"
26+
},
27+
"ranges": [
28+
{
29+
"type": "ECOSYSTEM",
30+
"events": [
31+
{
32+
"introduced": "0"
33+
},
34+
{
35+
"fixed": "5.2.3"
36+
}
37+
]
38+
}
39+
]
1840
}
1941
],
20-
"affected": [],
2142
"references": [
2243
{
2344
"type": "ADVISORY",
@@ -43,6 +64,14 @@
4364
"type": "WEB",
4465
"url": "https://gist.github.com/Kr0emer/02370d18328c28b5dd7f9ac880d22a91"
4566
},
67+
{
68+
"type": "PACKAGE",
69+
"url": "https://github.com/indutny/bn.js"
70+
},
71+
{
72+
"type": "WEB",
73+
"url": "https://github.com/indutny/bn.js/releases/tag/v5.2.3"
74+
},
4675
{
4776
"type": "WEB",
4877
"url": "https://security.snyk.io/vuln/SNYK-JS-BNJS-15274301"
@@ -53,8 +82,8 @@
5382
"CWE-835"
5483
],
5584
"severity": "MODERATE",
56-
"github_reviewed": false,
57-
"github_reviewed_at": null,
85+
"github_reviewed": true,
86+
"github_reviewed_at": "2026-02-20T21:18:31Z",
5887
"nvd_published_at": "2026-02-20T05:17:53Z"
5988
}
6089
}

0 commit comments

Comments
 (0)