11 matches found
CVE-2026-33471
nimiq-block contains block primitives to be used in Nimiq's Rust implementation. SkipBlockProof::verify computes its quorum check using BitSet.len, then iterates BitSet indices and casts each usize index to u16 slot as u16 for slot lookup. Prior to version 1.3.0, if an attacker can get a...
Integer Overflow
github.com/filecoin-project/go-f3 is vulnerable to a Integer Overflow. The vulnerability is due to improper signer index validation, where a crafted “poison” message can trigger an integer overflow and cause go-f3 to panic, allowing attackers to crash any Filecoin node that directly consumes the...
SUSE CVE-2025-59942
go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation,...
CVE-2025-59942
go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation,...
CVE-2025-59942
go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation,...
CVE-2025-59942 go-f3 module vulnerable to integer overflow leading to panic
go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation,...
CVE-2025-59942 go-f3 module vulnerable to integer overflow leading to panic
go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation,...
CVE-2025-59942 go-f3 module vulnerable to integer overflow leading to panic
go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation,...
GHSA-G99P-47X7-MQ88 go-f3 module vulnerable to integer overflow leading to panic
Impact Filecoin nodes consuming F3 messages are vulnerable. go-f3 panics when it validates a "poison" messages. A "poison" message can can cause integer overflow in the signer index validation. In Lotus' case, the whole node will crash. There is no barrier to entry. An attacker doesn't need any...
go-f3 module vulnerable to integer overflow leading to panic
Impact Filecoin nodes consuming F3 messages are vulnerable. go-f3 panics when it validates a "poison" messages. A "poison" message can can cause integer overflow in the signer index validation. In Lotus' case, the whole node will crash. There is no barrier to entry. An attacker doesn't need any...
PT-2025-39917
Name of the Vulnerable Software and Affected Versions go-f3 versions 0.8.6 and earlier Description go-f3 is a Golang implementation of Fast Finality for Filecoin F3. Versions 0.8.6 and below experience a panic when validating specific "poison" messages. These messages can trigger an integer...