Back

CVE-2024-34478

May 5, 2024, 1:15 a.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

btcd

  • before 0.24.0

Source

cve@mitre.org

Tags

cve@mitre.org
2024-05-05
CVE-2024-34478

CVE-2024-34478 details

Published : May 5, 2024, 1:15 a.m.
Last Modified : May 5, 2024, 1:15 a.m.

Description

btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://delvingbitcoin.org/t/disclosure-btcd-consensus-bugs-due-to-usage-of-signed-transaction-version/455 cve@mitre.org
https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/blockchain/chain.go#L383C1-L392C3 cve@mitre.org
https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/txscript/opcode.go#L1172C1-L1178C3 cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.