GHSA-3w5p-95mh-gq75

Source

https://github.com/advisories/GHSA-3w5p-95mh-gq75

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-3w5p-95mh-gq75/GHSA-3w5p-95mh-gq75.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3w5p-95mh-gq75

Aliases

CVE-2026-55254

Published

2026-06-18T13:05:37Z

Modified

2026-06-18T13:15:39.146353524Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

NCalc: Denial of Service via Unbounded and Non-Terminating Factorial Evaluation

Details

Impact

A denial-of-service (DoS) vulnerability exists in the factorial operator implementation of NCalc. Specially crafted expressions containing extremely large factorial operands can trigger excessive CPU consumption or cause evaluation to enter a non-terminating loop due to integer overflow in the factorial calculation logic.

Applications that evaluate untrusted expressions using affected versions of NCalc may be vulnerable to resource exhaustion, potentially resulting in service disruption or application unresponsiveness.

This issue can be triggered with expressions such as:

99999999999999!
9223372036854775807!
1.5e16!

Patches

The vulnerability has been fixed by adding bounds validation for factorial operands and rejecting unsupported values before evaluation.

Users should upgrade to the first release containing the fix from pull request #575. (v6.1.1+)

Workarounds

If upgrading is not immediately possible:

Do not evaluate expressions originating from untrusted users.
Validate or sanitize expressions before evaluation and reject factorial operations on large values.
Implement execution time limits, request timeouts, or cancellation mechanisms around expression evaluation.

These mitigations may reduce exposure but do not fully address the underlying vulnerability.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-18T13:05:37Z",
    "nvd_published_at": null,
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-190",
        "CWE-770"
    ]
}

References

Affected packages

NuGet / NCalc.Core

Package

Name: NCalc.Core; View open source insights on deps.dev
Purl: pkg:nuget/NCalc.Core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.1

Affected versions

4.*

4.3.0

4.3.1

4.3.2

4.3.3

4.4.0-alpha

5.*

5.0.0

5.1.0

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.2.5

5.2.6

5.2.7

5.2.8

5.2.9

5.2.10

5.2.11

5.3.0

5.3.1

5.4.0

5.4.1

5.4.2

5.5.0-alpha

5.5.0

5.6.0

5.7.0

5.8.0

5.9.0

5.10.0

5.11.0

5.12.0

5.13.0

6.*

6.0.0

6.1.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-3w5p-95mh-gq75/GHSA-3w5p-95mh-gq75.json"

NuGet / NCalcSync

Package

Name: NCalcSync; View open source insights on deps.dev
Purl: pkg:nuget/NCalcSync

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.1

Affected versions

2.*

2.0.0

3.*

3.0.0

3.1.0

3.2.0

3.3.0

3.4.0

3.5.0

3.6.0

3.7.0

3.8.0

3.9.0

3.10.0

3.11.0

3.12.0

3.13.0

3.13.1

4.*

4.0.0

4.1.0

4.2.0

4.2.1