Lucene search
K

4 matches found

OSV
OSV
added 2026/04/22 7:52 p.m.3 views

CVE-2026-34067 nimiq-transaction vulnerable to panic via `HistoryTreeProof` length mismatch

nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, HistoryTreeProof::verify panics on a malformed proof where history.len != positions.len due to asserteq!history.len, positions.len. The proof object is derived from untrusted p2...

3.1CVSS5.9AI score0.00318EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/22 7:20 p.m.12 views

nimiq-transaction: Panic via `HistoryTreeProof` length mismatch

Impact HistoryTreeProof::verify panics on a malformed proof where history.len != positions.len due to asserteq!history.len, positions.len. The proof object is derived from untrusted p2p responses ResponseTransactionsProof.proof and is therefore attacker-controlled at the network boundary until...

6.5CVSS5.8AI score0.00318EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/22 7:20 p.m.7 views

GHSA-264V-M8FM-76JM nimiq-transaction: Panic via `HistoryTreeProof` length mismatch

Impact HistoryTreeProof::verify panics on a malformed proof where history.len != positions.len due to asserteq!history.len, positions.len. The proof object is derived from untrusted p2p responses ResponseTransactionsProof.proof and is therefore attacker-controlled at the network boundary until...

3.1CVSS5.8AI score0.00318EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.11 views

PT-2026-34554

Impact HistoryTreeProof::verify panics on a malformed proof where history.len != positions.len due to assert eq!history.len, positions.len. The proof object is derived from untrusted p2p responses ResponseTransactionsProof.proof and is therefore attacker-controlled at the network boundary until...

3.1CVSS5.8AI score0.00318EPSS
Exploits0References8
Rows per page
Query Builder