CVE-2026-2739

This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
snykCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://gist.github.com/Kr0emer/02370d18328c28b5dd7f9ac880d22a91
https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b
https://github.com/indutny/bn.js/issues/186
https://github.com/indutny/bn.js/issues/316
https://github.com/indutny/bn.js/pull/317
https://security.snyk.io/vuln/SNYK-JS-BNJS-15274301