Описание
Namada-apps can Crash with Excessive Computation in Mempool Validation
Impact
A malicious transaction may cause a crash in mempool validation.
A transaction with authorization section containing 256 public keys or more with valid matching signatures triggers an integer overflow in signature verification that causes a the node to panic.
Patches
This issue has been patched in apps version 1.1.0. The mempool validation has been fixed to avoid overflow.
Workarounds
There are no workarounds and users are advised to upgrade.
Пакеты
Наименование
namada-apps
rust
Затронутые версииВерсия исправления
= 1.0.0
1.1.0
9.2 Critical
CVSS4
Дефекты
CWE-770
9.2 Critical
CVSS4
Дефекты
CWE-770