CVE-2026-55254
MEDIUM
4.8
CVSS 3.1
Description
NCalc is a fast, lightweight expression evaluator for .NET. Prior to 6.1.1, the factorial operator implementation in src/NCalc.Core/Helpers/MathHelper.cs permits specially crafted expressions with extremely large factorial operands, causing excessive CPU consumption or a non-terminating loop due to integer overflow in the factorial calculation logic when applications evaluate untrusted expressions. This issue is fixed in version 6.1.1.
Metadata
Severity & Metrics
4.8
MEDIUM CVSS 3.1
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| ncalc | ncalc | — | < 6.1.1 |
Weakness (CWE)
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 4.8 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H |
References (4)
- https://github.com/ncalc/ncalc/security/advisories/GHSA-3w5p-95mh-gq75 https://github.com/ncalc/ncalc/security/advisories/GHSA-3w5p-95mh-gq75
- https://github.com/ncalc/ncalc/pull/575 https://github.com/ncalc/ncalc/pull/575
- https://github.com/ncalc/ncalc/commit/eeb6155ee1899b1fdf2cda3da35a4f0ca93ffd6a https://github.com/ncalc/ncalc/commit/eeb6155ee1899b1fdf2cda3da35a4f0ca93ffd6a
- https://github.com/ncalc/ncalc/releases/tag/v6.1.1 https://github.com/ncalc/ncalc/releases/tag/v6.1.1