CVE-2026-2739

This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.
Configurations

No configuration.

History

20 Feb 2026, 13:49

Type Values Removed Values Added
Summary
  • (es) Esto afecta a las versiones del paquete bn.js anteriores a la 5.2.3. Al llamar a maskn(0) en cualquier instancia de BN se corrompe el estado interno, lo que provoca que toString(), divmod() y otros métodos entren en un bucle infinito, bloqueando el proceso indefinidamente.

20 Feb 2026, 05:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-02-20 05:17

Updated : 2026-02-20 13:49


NVD link : CVE-2026-2739

Mitre link : CVE-2026-2739

CVE.ORG link : CVE-2026-2739


JSON object : View

Products Affected

No product.

CWE
CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')