CVE-2026-2739
This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.
Vendor
-
Product
-
CWE
Published
2026-02-20 05:17:53
Updated
2026-02-20 13:49:47
Source Identifier
report@snyk.io
KEV Date Added
-
Categories
References
https://gist.github.com/Kr0emer/02370d18328c28b5dd7f9ac880d22a91
https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b
https://github.com/indutny/bn.js/issues/186
https://github.com/indutny/bn.js/issues/316
https://github.com/indutny/bn.js/pull/317
https://security.snyk.io/vuln/SNYK-JS-BNJS-15274301