nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
Impact
An untrusted p2p peer can cause a node to panic by announcing an election macro block whose `validators` set contains an invalid compressed BLS voting key. Hashing an election macro header hashes `validators` and reaches `Validators::voting_keys()`, which calls `validator.voting_key.uncompress().unwrap()` and panics on invalid bytes.
Patches
The patch for this vulnerability is included as part of v1.3.0.
Workarounds
No known workarounds.
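
The unchecked-return pattern described under Impact, next to a form that propagates the error, as an added Rust example that is not Nimiq's code or the v1.3.0 patch. `CompressedKey`, `PublicKey`, `InvalidKey`, the toy validity rule and the function names are assumptions standing in for the real BLS types.

```rust
// Added illustration; simplified stand-in types, not Nimiq's implementation.
use std::panic;

#[derive(Debug, PartialEq)]
pub struct InvalidKey;

#[derive(Clone)]
pub struct CompressedKey(pub [u8; 4]);

#[derive(Debug, PartialEq)]
pub struct PublicKey(pub u32);

impl CompressedKey {
    // Stand-in for BLS point decompression: fails on bytes that do not
    // decode to a valid key (toy rule: the first byte must be 0x80).
    pub fn uncompress(&self) -> Result<PublicKey, InvalidKey> {
        if self.0[0] != 0x80 {
            return Err(InvalidKey);
        }
        Ok(PublicKey(u32::from_be_bytes(self.0) & 0x00ff_ffff))
    }
}

// Pattern from the advisory: unwrap() on peer-controlled bytes.
pub fn voting_keys_unchecked(vals: &[CompressedKey]) -> Vec<PublicKey> {
    vals.iter().map(|k| k.uncompress().unwrap()).collect()
}

// Hardened form: the error is returned so the caller can reject the block.
pub fn voting_keys_checked(vals: &[CompressedKey]) -> Result<Vec<PublicKey>, InvalidKey> {
    vals.iter().map(|k| k.uncompress()).collect()
}

// Returns true if processing the announced key set panics.
pub fn unchecked_panics(vals: &[CompressedKey]) -> bool {
    let vals = vals.to_vec();
    panic::catch_unwind(move || voting_keys_unchecked(&vals)).is_err()
}

fn main() {
    // Constructed sample: the second key is malformed.
    let announced = vec![CompressedKey([0x80, 0, 0, 1]), CompressedKey([0x00, 0, 0, 2])];
    println!("unchecked panics: {}", unchecked_panics(&announced));
    println!("checked: {:?}", voting_keys_checked(&announced));
}
```

With the checked form, a malformed key in an announced set becomes an `Err` the block-handling path can treat as a validation failure instead of a process abort.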