Description
This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.
A flaw was found in bn.js. When calling the maskn(0) function on a BN instance, there is potential for this action to corrupt the internal state of the library, causing critical methods such as toString() and divmod() to enter an infinite loop. The primary consequence is a Denial of Service (DoS), where the affected process hangs indefinitely.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch6-rhel9 | Out of support scope | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-operator-bundle | Out of support scope | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-proxy-rhel9 | Out of support scope | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-rhel9-operator | Out of support scope | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Out of support scope | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-curator5-rhel9 | Out of support scope | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-ui-rhel8 | Fix deferred | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-ui-rhel9 | Fix deferred | | |
| OpenShift Service Mesh 2 | openshift-service-mesh/kiali-ossmc-rhel8 | Out of support scope | | |
| OpenShift Service Mesh 3 | openshift-service-mesh/kiali-operator-bundle | Out of support scope | | |
Additional information
CVSS3: 5.3 Medium