EUVD-2026-14371
GHSA-8g7p-jf3g-gxcp
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4Tags
Description
Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values (e.g., modInverse(0, m) or modInverse(-1, m)).
Analysis
The jsrsasign JavaScript library contains an infinite loop vulnerability in the BigInteger.modInverse function that allows remote attackers to permanently hang application processes through specially crafted zero or negative input values. All versions of jsrsasign prior to 11.1.1 are affected by this high-severity denial-of-service condition. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all applications and dependencies using jsrsasign and document affected systems. Within 7 days: Implement input validation and rate limiting on cryptographic operations, deploy WAF rules to detect/block suspicious BigInteger.modInverse calls with zero/negative values, and isolate affected services using network segmentation. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today