4 matches found
CVE-2026-32605
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.numvalidators...
CVE-2026-32605
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.numvalidators...
CVE-2026-32605
The CVE concerns the Rust implementation of Nimiq PoS (nimiq/core-rs-albatross). Before version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal where signer == validators.num_validators(); the code uses ProposalSender::send with a > bound check inste...
CVE-2026-32605 Nimiq: Remote crash via off-by-one signer bounds check in proposal buffer
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.numvalidators...