Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Lifecycle Timeline
7Blast Radius
ecosystem impact- 13 cargo packages depend on nimiq-block (10 direct, 3 indirect)
Ecosystem-wide dependent count for version 0.2.0.
DescriptionGitHub Advisory
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. SkipBlockProof::verify computes its quorum check using BitSet.len(), then iterates BitSet indices and casts each usize index to u16 (slot as u16) for slot lookup. Prior to version 1.3.0, if an attacker can get a SkipBlockProof verified where MultiSignature.signers contains out-of-range indices spaced by 65536, these indices inflate len() but collide onto the same in-range u16 slot during aggregation. This makes it possible for a malicious validator with far fewer than 2f+1 real signer slots to pass skip block proof verification by multiplying a single BLS signature by the same factor. The patch for this vulnerability is included as part of v1.3.0. No known workarounds are available.
AnalysisAI
Integer truncation in Nimiq core-rs-albatross's skip block proof verification allows authenticated validators to forge consensus quorum with insufficient signatures. Prior to v1.3.0, attackers exploit usize-to-u16 casting during BitSet iteration by inserting indices spaced at 65536 intervals - these inflate the quorum count via len() but collapse onto identical u16 slots during BLS signature aggregation, enabling a single malicious validator to masquerade as 2f+1 signers and pass verification. CVSS 9.6 (Critical) reflects network vector with low complexity and changed scope impacting integrity and availability of the Proof-of-Stake consensus. No EPSS or KEV data available; vendor-released patch confirmed in v1.3.0 via GitHub advisory and commit d020590.
Technical ContextAI
Nimiq core-rs-albatross implements the Albatross Proof-of-Stake consensus algorithm in Rust. Skip block proofs use BLS threshold signatures where validator participation is tracked via BitSet indices representing validator slots. The vulnerability stems from CWE-20 (Improper Input Validation) where SkipBlockProof::verify performs quorum validation using BitSet.len() - which counts total set bits regardless of numeric value - but then iterates indices and casts each usize to u16 for slot lookup during signature aggregation. In Rust, usize-to-u16 casting truncates high-order bits, so indices differing by exact multiples of 65536 (2^16) collapse to identical u16 values. An attacker crafting a MultiSignature.signers BitSet with indices like {42, 65578, 131114} produces len()=3 for quorum calculation but all resolve to slot 42 during aggregation, allowing one validator's BLS signature multiplied by 3 to appear as three distinct validators. This breaks the 2f+1 Byzantine fault tolerance threshold central to Albatross consensus.
RemediationAI
Upgrade Nimiq core-rs-albatross to version 1.3.0 or later, released March 2025 at https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0. The fix is implemented in commit d02059053181ed8ddad6b59a0adfd661ef5cd823 (pull request #3657) which corrects the type handling in SkipBlockProof verification to prevent integer truncation during slot lookup. No workarounds exist per vendor advisory - runtime mitigation is not possible without code changes. Operators should prioritize this upgrade for all consensus-participating nodes (validators and full nodes verifying skip block proofs). Verify upgrade success by confirming release tag v1.3.0 in deployment and reviewing commit history includes d020590. Post-upgrade, audit validator registration and access controls to ensure only authorized entities hold validator credentials, as PR:L requirement remains a necessary precondition for exploitation even in vulnerable versions.
More in Core Rs Albatross
View allTimestamp manipulation in Nimiq Core Rust implementation (nimiq-blockchain 1.3.0 and earlier) allows authenticated block
Nimiq core-rs-albatross validators prior to version 1.3.0 can be remotely crashed via malformed Tendermint proposals. An
Integer underflow in Nimiq core-rs-albatross <1.3.0 enables unauthenticated remote attackers to trigger deterministic de
Denial of service in Nimiq Core RS Albatross prior to version 1.3.0 allows remote attackers to crash full nodes by sendi
Panic-triggered denial of service in Nimiq's core-rs-albatross (versions prior to 1.4.0) allows a network-level attacker
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25054
GHSA-6973-8887-87ff