CVE-2026-33891 in digitalbazaar forge
Summary (English)
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the `BigInteger.modInverse()` function (inherited from the bundled jsbn library). When `modInverse()` is called with a zero value as input, the exit condition of the internal Extended Euclidean Algorithm becomes unreachable, causing the process to hang indefinitely and consume 100% CPU. Version 1.4.0 patches the issue.
Responsible
GitHub_M
Reserved
2026. 03. 24.
Published
2026. 03. 27.
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 354034 | digitalbazaar forge BigInteger.modInverse denial of service | 835 | Not defined | Official fix | CVE-2026-33891 |