Skip to content

Commit ccc95a8

Browse files
Fix for GHSA-378v-28hj-76wf has been backported to bn.js 4.12.3
1 parent f58705f commit ccc95a8

1 file changed

Lines changed: 17 additions & 2 deletions

File tree

advisories/github-reviewed/2026/02/GHSA-378v-28hj-76wf/GHSA-378v-28hj-76wf.json

Lines changed: 17 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,13 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-378v-28hj-76wf",
4-
"modified": "2026-02-20T21:18:31Z",
4+
"modified": "2026-02-23T14:44:00Z",
55
"published": "2026-02-20T06:30:39Z",
66
"aliases": [
77
"CVE-2026-2739"
88
],
99
"summary": "bn.js affected by an infinite loop",
10-
"details": "This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.",
10+
"details": "This affects versions of the package bn.js before 4.12.3 and 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.",
1111
"severity": [
1212
{
1313
"type": "CVSS_V3",
@@ -31,6 +31,17 @@
3131
{
3232
"introduced": "0"
3333
},
34+
{
35+
"fixed": "4.12.3"
36+
}
37+
]
38+
},
39+
{
40+
"type": "ECOSYSTEM",
41+
"events": [
42+
{
43+
"introduced": "5.0.0"
44+
},
3445
{
3546
"fixed": "5.2.3"
3647
}
@@ -60,6 +71,10 @@
6071
"type": "WEB",
6172
"url": "https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b"
6273
},
74+
{
75+
"type": "WEB",
76+
"url": "https://github.com/indutny/bn.js/commit/67ecb35dabaf252001b649c12d69c4b57deac6f6"
77+
},
6378
{
6479
"type": "WEB",
6580
"url": "https://gist.github.com/Kr0emer/02370d18328c28b5dd7f9ac880d22a91"

0 commit comments

Comments
 (0)