From dbdacb4914ff68282160aa5644649fc45e35c3cd Mon Sep 17 00:00:00 2001
From: jochenschmich-aeberle <jochen.schmich@a-eberle.de>
Date: Mon, 23 Feb 2026 15:47:48 +0100
Subject: [PATCH] Fix for GHSA-378v-28hj-76wf has been backported to bn.js
 4.12.3

---
 .../GHSA-378v-28hj-76wf.json                  | 31 +++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/advisories/github-reviewed/2026/02/GHSA-378v-28hj-76wf/GHSA-378v-28hj-76wf.json b/advisories/github-reviewed/2026/02/GHSA-378v-28hj-76wf/GHSA-378v-28hj-76wf.json
index a03ceb51fe956..13160281e17e2 100644
--- a/advisories/github-reviewed/2026/02/GHSA-378v-28hj-76wf/GHSA-378v-28hj-76wf.json
+++ b/advisories/github-reviewed/2026/02/GHSA-378v-28hj-76wf/GHSA-378v-28hj-76wf.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-378v-28hj-76wf",
-  "modified": "2026-02-20T21:18:31Z",
+  "modified": "2026-02-23T14:44:00Z",
   "published": "2026-02-20T06:30:39Z",
   "aliases": [
     "CVE-2026-2739"
   ],
   "summary": "bn.js affected by an infinite loop",
-  "details": "This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.",
+  "details": "This affects versions of the package bn.js prior to 4.12.3, and versions 5.0.0 up to but not including 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -31,6 +31,25 @@
             {
               "introduced": "0"
             },
+            {
+              "fixed": "4.12.3"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "bn.js"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "5.0.0"
+            },
             {
               "fixed": "5.2.3"
             }
@@ -60,6 +79,10 @@
       "type": "WEB",
       "url": "https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/indutny/bn.js/commit/67ecb35dabaf252001b649c12d69c4b57deac6f6"
+    },
     {
       "type": "WEB",
       "url": "https://gist.github.com/Kr0emer/02370d18328c28b5dd7f9ac880d22a91"
@@ -72,6 +95,10 @@
       "type": "WEB",
       "url": "https://github.com/indutny/bn.js/releases/tag/v5.2.3"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/indutny/bn.js/releases/tag/v4.12.3"
+    },
     {
       "type": "WEB",
       "url": "https://security.snyk.io/vuln/SNYK-JS-BNJS-15274301"