CNNVD-202601-4446 Information

Jan 27, 2026 cve

CNNVD ID

CNNVD-202601-4446

CVE-2026-24783

CNNVD Published: 2026-01-27

Description (Chinese)

soroban-fixed-point-math是Script3开源的一个数学计算代码库。 soroban-fixed-point-math 1.3.0版本和1.4.0版本存在安全漏洞，该漏洞源于mulDiv函数错误处理负中间乘积和负除数的情况，可能导致舍入方向错误。

Description (English)

Soroban-fixed-point-masth is a mathematical calculator for Script3 open source. There is a security loophole in versions 1.3.0 and 1.4.0 of soroban-fixed-point-math, which stems from the muldiv function ’ s error in the handling of negative intermediate multipliers and negative demarches, which may lead to rounding error.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Script3

Published

2026-01-27

Last Modified

2026-02-24

References

https://github.com/script3/soroban-fixed-point-math/commit/c9233f7094198a49ed66a4d75786a8a3755c936a https://github.com/script3/soroban-fixed-point-math/releases/tag/v1.3.1 https://github.com/script3/soroban-fixed-point-math/releases/tag/v1.4.1 https://github.com/script3/soroban-fixed-point-math/security/advisories/GHSA-x5m4-43jf-hh65

Patch

https://github.com/script3/soroban-fixed-point-math/releases

Share on: