Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.8 views

CVE-2026-34067

nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, HistoryTreeProof::verify panics on a malformed proof where history.len != positions.len due to asserteq!history.len, positions.len. The proof object is derived from untrusted p2...

6.5CVSS5.4AI score0.00318EPSS
Exploits0References1
CVE
CVE
added 2026/04/22 7:55 p.m.42 views

CVE-2026-34068

Summary (CVE-2026-34068) Nimiq-transaction’s staking contract (Rust) prior to v1.3.0 accepts UpdateValidator transactions that set new_voting_key=Some(...) without including new_proof_of_knowledge, bypassing the PoK requirement used to prevent BLS rogue-key attacks in aggregated signatures. Since...

6.8CVSS5.7AI score0.00201EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/22 7:52 p.m.28 views

CVE-2026-34067 nimiq-transaction vulnerable to panic via `HistoryTreeProof` length mismatch

nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, HistoryTreeProof::verify panics on a malformed proof where history.len != positions.len due to asserteq!history.len, positions.len. The proof object is derived from untrusted p2...

3.1CVSS0.00318EPSS
Exploits0References4
CVE
CVE
added 2026/04/22 7:52 p.m.11 views

CVE-2026-34067

The CVE-2026-34067 issue affects the nimiq-transaction component in Nimiq’s Rust implementation. Before version 1.3.0, the function HistoryTreeProof::verify panics when a proof is malformed and the arrays history and positions have different lengths, due to the assertion in code. The proof origin...

6.5CVSS5.7AI score0.00318EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/22 7:22 p.m.9 views

nimiq-account (>=0.1.0 <=0.2.0), nimiq-accounts (>=0.1.0 <=0.2.0) +14 more potentially affected by CVE-2026-34068 via nimiq-transaction (>=0.1.0 <=0.2.0)

nimiq-transaction CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2026-34068 Source advisory: OSV:GHSA-PF4J-PF3W-95F9...

6.8CVSS5.8AI score0.00201EPSS
Exploits0
EUVD
EUVD
added 2026/04/22 7:20 p.m.5 views

EUVD-2026-25084

nimiq-transaction: Panic via HistoryTreeProof length mismatch...

3.1CVSS5.7AI score0.00318EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.10 views

PT-2026-34554

Impact HistoryTreeProof::verify panics on a malformed proof where history.len != positions.len due to assert eq!history.len, positions.len. The proof object is derived from untrusted p2p responses ResponseTransactionsProof.proof and is therefore attacker-controlled at the network boundary until...

3.1CVSS5.8AI score0.00318EPSS
Exploits0References8
Rows per page
Query Builder