CVE-2026-2739

medium

Description

This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.
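To check whether a project resolves an affected copy, the following added example (not part of the advisory or of the bn.js project) scans an npm lockfile's `packages` map for bn.js installs below 5.2.3. The function names and the sample lockfile are constructed for illustration, and the check applies the advisory's "before 5.2.3" range literally to every major line.

```javascript
// Added example: flag bn.js entries in an npm lockfile (v2/v3 "packages" map)
// whose version is below 5.2.3, the fixed version named in this advisory.
const FIXED = [5, 2, 3];

// Parse "MAJOR.MINOR.PATCH"; any pre-release/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a sorts strictly before triple b.
function isBefore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Return [{ path, version }] for every affected or unparseable bn.js install.
function findAffectedBn(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match top-level and nested copies, but not packages merely named like bn.js.
    if (!/(^|\/)node_modules\/bn\.js$/.test(path)) continue;
    const parsed = parseVersion(meta.version);
    // An unparseable version is reported so it gets reviewed by hand.
    if (!parsed || isBefore(parsed, FIXED)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile (not taken from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/bn.js": { version: "5.2.3" },
    "node_modules/elliptic/node_modules/bn.js": { version: "4.12.0" },
    "node_modules/asn1.js/node_modules/bn.js": { version: "5.2.1" },
    "node_modules/bn.js-extra": { version: "1.0.0" } // hypothetical look-alike name
  }
};

for (const hit of findAffectedBn(SAMPLE_LOCK)) {
  console.log(`affected: ${hit.path}@${hit.version}`);
}
```

Nested copies matter here because bn.js is usually pulled in transitively, so a fixed top-level version does not guarantee that every resolved copy is fixed.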

References

https://security.snyk.io/vuln/SNYK-JS-BNJS-15274301

https://github.com/indutny/bn.js/pull/317

https://github.com/indutny/bn.js/issues/316

https://github.com/indutny/bn.js/issues/186

https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b

https://gist.github.com/Kr0emer/02370d18328c28b5dd7f9ac880d22a91

Details

Source: Mitre, NVD

Published: 2026-02-20

Updated: 2026-02-20

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Severity: Medium

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Severity: Medium