CVE-2024-34478 – github.com/btcsuite/btcd

Package

Manager: go
Name: github.com/btcsuite/btcd
Vulnerable Version: >=0 <0.24.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00082 pctl0.24755

Details

btcd susceptible to consensus failures btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds.

Metadata

Created: 2024-05-05T03:30:47Z
Modified: 2024-08-07T19:55:49Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-3jgf-r68h-xfqm/GHSA-3jgf-r68h-xfqm.json
CWE IDs: ["CWE-436"]
Alternative ID: GHSA-3jgf-r68h-xfqm
Finding: F184
Auto approve: 1