CVE-2024-34478

Опубликовано: 05 мая 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds.

Ссылки

https://delvingbitcoin.org/t/disclosure-btcd-consensus-bugs-due-to-usage-of-signed-transaction-version/455
Issue Tracking
https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/blockchain/chain.go#L383C1-L392C3
Product
https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/txscript/opcode.go#L1172C1-L1178C3
Product
https://delvingbitcoin.org/t/disclosure-btcd-consensus-bugs-due-to-usage-of-signed-transaction-version/455
Issue Tracking
https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/blockchain/chain.go#L383C1-L392C3
Product
https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/txscript/opcode.go#L1172C1-L1178C3
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:btcd_project:btcd:*:*:*:*:*:*:*:*

Версия до 0.24.0 (исключая)

EPSS

Процентиль: 24%

0.00082

Низкий

7.5 High

CVSS3

Дефекты

CWE-436

Связанные уязвимости

GHSA-3jgf-r68h-xfqm

github

почти 2 года назад

btcd susceptible to consensus failures