Vulnerabilities: 2 via 5 paths
Dependencies: 57
Source: GitHub
Commit: e4776515



medium severity

Infinite loop

  • Vulnerable module: bn.js
  • Introduced through: near-api-js@0.44.2

Detailed paths

  • Introduced through: near-rpc-providers@blockcoders/near-rpc-providers#e47765154f6980181a6968a6322fa9e5aade3158 near-api-js@0.44.2 bn.js@5.2.0
    Remediation: Upgrade to near-api-js@4.0.0.

Overview

Affected versions of this package are vulnerable to an infinite loop. Calling maskn(0) on any BN instance corrupts its internal state, causing toString(), divmod(), and other methods to loop forever and hang the process indefinitely.

PoC

const BN = require('bn.js'); // any version up to 5.2.2

const x = new BN('1', 10).maskn(0);

// Internal state is now corrupted:
console.log('x.words.length =', x.words.length); // 1
console.log('x.length       =', x.length);        // 0 (INVALID - should be >= 1)
console.log('x.isZero()     =', x.isZero());      // false (WRONG - should be true)

// This will hang forever:
// console.log(x.toString());

Remediation

Upgrade bn.js to version 4.12.3, 5.2.3 or higher.


medium severity

Use of a Cryptographic Primitive with a Risky Implementation

  • Vulnerable module: elliptic
  • Introduced through: @ethersproject/providers@5.8.0

Detailed paths

  • Introduced through: near-rpc-providers@blockcoders/near-rpc-providers#e47765154f6980181a6968a6322fa9e5aade3158 @ethersproject/providers@5.8.0 @ethersproject/transactions@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1
  • Introduced through: near-rpc-providers@blockcoders/near-rpc-providers#e47765154f6980181a6968a6322fa9e5aade3158 @ethersproject/providers@5.8.0 @ethersproject/abstract-provider@5.8.0 @ethersproject/transactions@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1
  • Introduced through: near-rpc-providers@blockcoders/near-rpc-providers#e47765154f6980181a6968a6322fa9e5aade3158 @ethersproject/providers@5.8.0 @ethersproject/abstract-signer@5.8.0 @ethersproject/abstract-provider@5.8.0 @ethersproject/transactions@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1
  • Introduced through: near-rpc-providers@blockcoders/near-rpc-providers#e47765154f6980181a6968a6322fa9e5aade3158 @ethersproject/providers@5.8.0 @ethersproject/hash@5.8.0 @ethersproject/abstract-signer@5.8.0 @ethersproject/abstract-provider@5.8.0 @ethersproject/transactions@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1

Overview

elliptic is a fast elliptic-curve cryptography implementation in plain JavaScript.

Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation: the byte length of a k value with leading zeros is computed incorrectly, so the value is truncated. An attacker can obtain the secret key by analyzing both a faulty signature generated by a vulnerable implementation and a correct signature for the same inputs.

Note: There is a distinct but related issue, CVE-2024-48948.

Remediation

There is no fixed version for elliptic.
