CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description (NVD)
Impact
An untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key.
Hashing an election macro header hashes validators and reaches Validators::voting_keys(), which calls validator.voting_key.uncompress().unwrap() and panics on invalid bytes.
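The failure mode described above, as an added example that is not Nimiq's code and does not reproduce the v1.3.0 patch: an unwrap() on peer-supplied key bytes beside a form that returns the decode error so the caller can reject the block. All names here (uncompress, voting_keys_unchecked, voting_keys_checked, InvalidKey, KEY_LEN) and the toy XOR validity rule are assumptions standing in for real BLS decompression.

```rust
use std::panic;

// Constructed stand-in for a compressed BLS voting key; real keys are curve points.
pub const KEY_LEN: usize = 4; // hypothetical size, for illustration only

#[derive(Debug, PartialEq)]
pub struct InvalidKey { pub validator_index: usize }

pub struct Validator { pub voting_key: Vec<u8> }

// Stand-in decoder: accepts KEY_LEN bytes whose last byte is the XOR of the others.
// A real decoder rejects bytes that do not encode a valid curve point.
pub fn uncompress(bytes: &[u8]) -> Result<Vec<u8>, ()> {
    if bytes.len() != KEY_LEN { return Err(()); }
    let (body, check) = bytes.split_at(KEY_LEN - 1);
    let x = body.iter().fold(0u8, |a, b| a ^ b);
    if x == check[0] { Ok(body.to_vec()) } else { Err(()) }
}

// Pattern from the advisory: unwrap() on peer-supplied bytes panics on invalid input.
pub fn voting_keys_unchecked(vs: &[Validator]) -> Vec<Vec<u8>> {
    vs.iter().map(|v| uncompress(&v.voting_key).unwrap()).collect()
}

// Hardened form: the decode failure is returned so the block can be rejected.
pub fn voting_keys_checked(vs: &[Validator]) -> Result<Vec<Vec<u8>>, InvalidKey> {
    vs.iter().enumerate()
        .map(|(i, v)| uncompress(&v.voting_key).map_err(|_| InvalidKey { validator_index: i }))
        .collect()
}

// Constructed sample: the second validator carries a key that fails decoding.
pub fn sample_validators() -> Vec<Validator> {
    vec![
        Validator { voting_key: vec![1, 2, 3, 0] }, // 1^2^3 = 0, valid
        Validator { voting_key: vec![9, 9, 9, 0] }, // 9^9^9 = 9, invalid
    ]
}

// Reports whether the unchecked path panics, without taking the process down.
pub fn unchecked_panics(vs: &[Validator]) -> bool {
    panic::catch_unwind(|| voting_keys_unchecked(vs)).is_err()
}

fn main() {
    let vs = sample_validators();
    println!("checked: {:?}", voting_keys_checked(&vs));
    println!("unchecked panics: {}", unchecked_panics(&vs));
}
```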
Patches
The patch for this vulnerability is included as part of v1.3.0.
Workarounds
No known workarounds.
Analysis (AI)
Denial of service in nimiq-primitives (Nimiq blockchain core library) allows remote unauthenticated attackers to crash nodes via malformed peer-to-peer messages. Attackers announce election macro blocks containing invalid compressed BLS voting keys, triggering an unwrap() panic during header hash validation. …
Remediation (AI)
Within 24 hours: Inventory all nimiq-primitives deployments and confirm their current versions; apply the vendor-released patch by upgrading to version 1.3.0 or later immediately on all affected nodes. Within 7 days: Verify patch deployment across all production and staging infrastructure; implement network monitoring for malformed peer-to-peer messages as a temporary detection layer. …
EUVD-2026-25062
GHSA-7c4j-2m43-2mgh