Closed
@@ -1,21 +1,17 @@
{
"schema_version": "1.4.0",
"id": "GHSA-378v-28hj-76wf",
"modified": "2026-02-20T21:18:31Z",
"modified": "2026-02-20T21:18:32Z",
"published": "2026-02-20T06:30:39Z",
"aliases": [
"CVE-2026-2739"
],
"summary": "bn.js affected by an infinite loop",
"details": "This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.",
"details": "This affects versions of the package bn.js before 4.12.3 / 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"

Copilot AI Feb 23, 2026

The CVSS v4 score has been modified to remove the Exploit Maturity metric (E:P). The original score was CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P, which indicated that a proof-of-concept exploit exists (E:P).

The updated score CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N removes this exploit maturity information. If a proof-of-concept exploit exists (as referenced in the gist and pull request), removing E:P makes the score less accurate. The Exploit Maturity metric should be retained to provide accurate threat assessment.

Suggested change
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"

@copilot OK, thanks - revert this change - I've introduced it, because I would not be able to save the Advisory form otherwise - the original string was deemed invalid.

}
],
"affected": [
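Review bot: The new "details" string reads "before 4.12.3 / 5.2.3", which does not say which bound applies to which release line; a reader can take it to mean that every version below 5.2.3 is affected, 4.12.3 included. Suggest spelling it out, for example "versions in the 4.x line before 4.12.3 and in the 5.x line before 5.2.3", so the text agrees with the per-line "fixed" events under "affected". The CVSS_V4 change in the same hunk (dropping /E:P) is already covered in the thread above.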
Expand All @@ -37,6 +33,25 @@
]
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "bn.js"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "4.12.3"
}
]
}
]
}
],
"references": [
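Review bot: The added range ("introduced": "0", "fixed": "4.12.3") can overlap the existing bn.js entry, whose events are not shown in this hunk. If that entry also starts at "introduced": "0" and ends at the 5.2.3 fix, then 4.12.3 and later 4.x releases still match it and will keep being reported as vulnerable. Suggest bounding the existing entry to the 5.x line in the same change (for example "introduced": "5.0.0") so the two ranges are disjoint.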
Expand All @@ -60,6 +75,10 @@
"type": "WEB",
"url": "https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b"
},
{
"type": "WEB",
"url": "https://github.com/indutny/bn.js/commit/67ecb35dabaf252001b649c12d69c4b57deac6f6"
},
{
"type": "WEB",
"url": "https://gist.github.com/Kr0emer/02370d18328c28b5dd7f9ac880d22a91"
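Review bot: Nothing in the added reference ties commit 67ecb35dabaf252001b649c12d69c4b57deac6f6 to the 4.12.3 fix introduced elsewhere in this change; it is typed "WEB" and sits next to the other commit URL with no way to tell which release line each one patches. Suggest stating in the PR description which commit fixes which line, and confirming that the new commit is contained in the 4.12.3 release before merging.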