Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (snyk).
CVSS VectorVendor: snyk
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6Blast Radius
ecosystem impact- 34 npm packages depend on jsrsasign (9 direct, 25 indirect)
Ecosystem-wide dependent count for version 11.1.1.
DescriptionCVE.org
Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values (e.g., modInverse(0, m) or modInverse(-1, m)).
AnalysisAI
The jsrsasign JavaScript library contains an infinite loop vulnerability in the BigInteger.modInverse function that allows remote attackers to permanently hang application processes through specially crafted zero or negative input values. All versions of jsrsasign prior to 11.1.1 are affected by this high-severity denial-of-service condition. A proof-of-concept exploit exists demonstrating the vulnerability, and the CVSS score of 7.5 reflects the ease of exploitation (network-accessible, low complexity, no authentication required).
Technical ContextAI
jsrsasign is a widely-used pure JavaScript cryptographic library implementing RSA, ECDSA, and other asymmetric cryptographic operations, commonly deployed in Node.js applications and browsers for JWT handling, certificate processing, and digital signatures. The vulnerability resides in the bnModInverse function within ext/jsbn2.js, which implements modular multiplicative inverse calculations for big integers (CWE-835: Loop with Unreachable Exit Condition). When the BigInteger.modInverse method receives zero or negative values as input (such as modInverse(0, m) or modInverse(-1, m)), the function enters an infinite loop due to insufficient input validation, causing the JavaScript execution environment to hang indefinitely. The affected product is identified via CPE cpe:2.3:a:n/a:jsrsasign:*:*:*:*:*:*:*:* covering all versions before the patched release.
RemediationAI
Immediately upgrade jsrsasign to version 11.1.1 or later, which includes input validation fixes implemented in commit ca5b027240287a1e71fe63019fc4400332594323 (see pull request at https://github.com/kjur/jsrsasign/pull/648). Organizations should audit all applications using jsrsasign by checking package.json dependencies and transitive dependencies, then update to the patched version through npm or yarn package managers. As an interim mitigation before patching, implement input validation at the application layer to reject zero, negative, or obviously malformed values before passing them to cryptographic functions, and consider rate limiting and timeout mechanisms on API endpoints that perform cryptographic operations to limit the blast radius of denial-of-service attempts. Web application firewalls can be configured to detect and block requests containing suspicious patterns in cryptographic operation parameters.
An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Rated critical severity (CVSS 9.8), this vul
An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Rated critical severity (CVSS 9.8), this vul
The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. Rated high severity (CVSS 7.5), this vulner
Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP
The jsrsasign JavaScript cryptographic library contains a critical vulnerability in its random number generation functio
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized
Private key recovery is possible in jsrsasign versions before 11.1.1 when attackers force invalid DSA signatures with ze
Cryptographic signature bypass in jsrsasign before 11.1.1 allows remote attackers to forge DSA signatures and X.509 cert
The jsrsasign JavaScript library before version 11.1.1 contains a vulnerability that allows attackers to break signature
jsrsasign versions before 11.1.1 contain a division by zero vulnerability in RSA public-key operations caused by imprope
Same technique Denial Of Service
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14371
GHSA-8g7p-jf3g-gxcp