Lucene search
K

11 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/22 7:13 p.m.4 views

CVE-2026-33471

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. SkipBlockProof::verify computes its quorum check using BitSet.len, then iterates BitSet indices and casts each usize index to u16 slot as u16 for slot lookup. Prior to version 1.3.0, if an attacker can get a...

9.6CVSS5.7AI score0.00217EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/12/02 7:12 a.m.6 views

Integer Overflow

github.com/filecoin-project/go-f3 is vulnerable to a Integer Overflow. The vulnerability is due to improper signer index validation, where a crafted “poison” message can trigger an integer overflow and cause go-f3 to panic, allowing attackers to crash any Filecoin node that directly consumes the...

7.5CVSS7.2AI score0.00312EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2025/10/24 11:23 p.m.6 views

SUSE CVE-2025-59942

go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation,...

7.5CVSS7.1AI score0.00312EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/30 11:47 p.m.7 views

CVE-2025-59942

go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation,...

7.5CVSS7AI score0.00312EPSS
Exploits0References1
NVD
NVD
added 2025/09/29 11:15 p.m.6 views

CVE-2025-59942

go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation,...

7.5CVSS0.00312EPSS
Exploits0References1
OSV
OSV
added 2025/09/29 10:50 p.m.5 views

CVE-2025-59942 go-f3 module vulnerable to integer overflow leading to panic

go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation,...

7.5CVSS7AI score0.00312EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/29 10:50 p.m.2 views

CVE-2025-59942 go-f3 module vulnerable to integer overflow leading to panic

go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation,...

7.5CVSS6.6AI score0.00312EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/29 10:50 p.m.9 views

CVE-2025-59942 go-f3 module vulnerable to integer overflow leading to panic

go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation,...

7.5CVSS0.00312EPSS
Exploits0References1
OSV
OSV
added 2025/09/29 8:40 p.m.3 views

GHSA-G99P-47X7-MQ88 go-f3 module vulnerable to integer overflow leading to panic

Impact Filecoin nodes consuming F3 messages are vulnerable. go-f3 panics when it validates a "poison" messages. A "poison" message can can cause integer overflow in the signer index validation. In Lotus' case, the whole node will crash. There is no barrier to entry. An attacker doesn't need any...

7.5CVSS7.2AI score0.00312EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/09/29 8:40 p.m.9 views

go-f3 module vulnerable to integer overflow leading to panic

Impact Filecoin nodes consuming F3 messages are vulnerable. go-f3 panics when it validates a "poison" messages. A "poison" message can can cause integer overflow in the signer index validation. In Lotus' case, the whole node will crash. There is no barrier to entry. An attacker doesn't need any...

7.5CVSS7.2AI score0.00312EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/29 12:0 a.m.4 views

PT-2025-39917

Name of the Vulnerable Software and Affected Versions go-f3 versions 0.8.6 and earlier Description go-f3 is a Golang implementation of Fast Finality for Filecoin F3. Versions 0.8.6 and below experience a panic when validating specific "poison" messages. These messages can trigger an integer...

9.9CVSS6.9AI score0.02829EPSS
Exploits11References47
Rows per page
Query Builder