Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
不可达退出条件的循环(无限循环)
Vulnerability Title
bn.js 安全漏洞
Vulnerability Description
bn.js是Fedor Indutny个人开发者的一个大数处理库。 bn.js 5.2.3之前版本存在安全漏洞,该漏洞源于在任何BN实例上调用maskn(0)会破坏内部状态,导致toString、divmod等方法进入无限循环,可能使进程无限期挂起。
CVSS Information
N/A
Vulnerability Type
N/A