18 matches found
Integer Overflow
github.com/filecoin-project/go-f3 is vulnerable to an Integer Overflow. The vulnerability is due to improper signer index validation, where a crafted “poison” message can trigger an integer overflow and cause go-f3 to panic, allowing attackers to crash any Filecoin node that directly consumes the...
SUSE CVE-2025-59941
go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass...
SUSE CVE-2025-59942
go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.6 and below, go-f3 panics when it validates a "poison" message, causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can cause integer overflow in the signer index validation,...
GO-2025-3989 go-f3 Vulnerable to Cached Justification Verification Bypass in github.com/filecoin-project/go-f3
go-f3 Vulnerable to Cached Justification Verification Bypass in github.com/filecoin-project/go-f3...
GO-2025-3990 go-f3 module vulnerable to integer overflow leading to panic in github.com/filecoin-project/go-f3
go-f3 module vulnerable to integer overflow leading to panic in github.com/filecoin-project/go-f3...
CVE-2025-59942
go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.6 and below, go-f3 panics when it validates a "poison" message, causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can cause integer overflow in the signer index validation,...
CVE-2025-59941
go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass...
CVE-2025-59942
go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.6 and below, go-f3 panics when it validates a "poison" message, causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can cause integer overflow in the signer index validation,...
CVE-2025-59942
The CVE-2025-59942 entry affects the go-f3 module (Golang implementation of Fast Finality for Filecoin). The vulnerability is an integer overflow in signer index validation that occurs when processing a crafted “poison” message, causing a panic and potential node crash. Affected are go-f3 version...
CVE-2025-59942 go-f3 module vulnerable to integer overflow leading to panic
go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.6 and below, go-f3 panics when it validates a "poison" message, causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can cause integer overflow in the signer index validation,...
CVE-2025-59942 go-f3 module vulnerable to integer overflow leading to panic
go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.6 and below, go-f3 panics when it validates a "poison" message, causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can cause integer overflow in the signer index validation,...
CVE-2025-59942 go-f3 module vulnerable to integer overflow leading to panic
go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.6 and below, go-f3 panics when it validates a "poison" message, causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can cause integer overflow in the signer index validation,...
CVE-2025-59941 go-f3 is Vulnerable to Cached Justification Verification Bypass
go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass...
CVE-2025-59941 go-f3 is Vulnerable to Cached Justification Verification Bypass
go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass...
CVE-2025-59941
go-f3 (Filecoin Fast Finality, a Go implementation) contains a vulnerability in its justification verification caching in versions ≤ 0.8.8, where cached results are not context-aware, allowing an attacker to reuse a valid justification in an invalid message context. The issue is fixed in version ...
GHSA-G99P-47X7-MQ88 go-f3 module vulnerable to integer overflow leading to panic
Impact: Filecoin nodes consuming F3 messages are vulnerable. go-f3 panics when it validates a "poison" message. A "poison" message can cause integer overflow in the signer index validation. In Lotus' case, the whole node will crash. There is no barrier to entry. An attacker doesn't need any...
go-f3 Vulnerable to Cached Justification Verification Bypass
Description: A vulnerability exists in go-f3's justification verification caching mechanism where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by: 1. First submitting a valid message with a correct...
PT-2025-39917
Name of the Vulnerable Software and Affected Versions: go-f3 versions 0.8.6 and earlier. Description: go-f3 is a Golang implementation of Fast Finality for Filecoin F3. Versions 0.8.6 and below experience a panic when validating specific "poison" messages. These messages can trigger an integer...