AZL-78290

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-78290.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-78290

Upstream

CVE-2026-2739

Published

2026-02-20T05:17:53Z

Modified

2026-04-01T05:23:12.641689Z

Summary

CVE-2026-2739 affecting package reaper 3.1.1-22

Details

This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-2739

Affected packages

Azure Linux:2 / reaper

Package

Name: reaper
Purl: pkg:rpm/azure-linux/reaper

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.1.1-22

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-78290.json"