Описание
btcd susceptible to consensus failures
btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-34478
- https://github.com/btcsuite/btcd/pull/1981
- https://github.com/btcsuite/btcd/commit/253b688c68b89eca7eb75d4d5443dbdbc928db3c
- https://delvingbitcoin.org/t/disclosure-btcd-consensus-bugs-due-to-usage-of-signed-transaction-version/455
- https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/blockchain/chain.go#L383C1-L392C3
- https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/txscript/opcode.go#L1172C1-L1178C3
- https://pkg.go.dev/vuln/GO-2024-2818
Пакеты
Наименование
github.com/btcsuite/btcd
go
Затронутые версииВерсия исправления
< 0.24.0
0.24.0
Связанные уязвимости
CVSS3: 7.5
nvd
почти 2 года назад
btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds.