CVE-2026-4598

High CVSS: 7.7

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values (e.g., modInverse(0, m) or modInverse(-1, m)).

Vendor

Jsrsasign Project

Product

Jsrsasign

CWE

CWE-835

Yayın Tarihi

2026-03-23 06:16:21

Güncelleme

2026-03-23 16:18:04

Source Identifier

report@snyk.io

KEV Date Added

Kategoriler

CWE-835 Jsrsasign HIGH Jsrsasign Project 2026

Referanslar

https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264 https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323 https://github.com/kjur/jsrsasign/pull/648 https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938

Benzer Kayıtlar

High

CVE-2026-4602

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to hand…

Medium

CVE-2026-4603

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsi…

Critical

CVE-2026-4599

Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Fact…

Critical

CVE-2026-4600

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via t…

Critical

CVE-2026-4601

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.sig…