CVE-2024-34478

btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://delvingbitcoin.org/t/disclosure-btcd-consensus-bugs-due-to-usage-of-signed-transaction-version/455
https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/blockchain/chain.go#L383C1-L392C3
https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/txscript/opcode.go#L1172C1-L1178C3

Configurations

No configuration.

History

07 Aug 2024, 16:35

Type	Values Removed	Values Added
Summary		(es) btcd anterior a 0.24.0 no implementa correctamente las reglas de consenso descritas en BIP 68 y BIP 112, lo que lo hace susceptible a fallas de consenso. Específicamente, utiliza la versión de la transacción como un entero con signo cuando se supone que debe tratarse como sin signo. Puede haber una división de la cadena y una pérdida de fondos.
CWE		CWE-436
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

05 May 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-05 01:15

Updated : 2024-08-07 16:35

NVD link : CVE-2024-34478

Mitre link : CVE-2024-34478

CVE.ORG link : CVE-2024-34478

JSON object : View

Products Affected

No product.

CWE

CWE-436

Interpretation Conflict

7.5 /10