Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
6Blast Radius
ecosystem impact- 17 cargo packages depend on nimiq-primitives (11 direct, 6 indirect)
Ecosystem-wide dependent count for version 0.2.0.
DescriptionGitHub Advisory
Impact
An untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key.
Hashing an election macro header hashes validators and reaches Validators::voting_keys(), which calls validator.voting_key.uncompress().unwrap() and panics on invalid bytes.
Patches
The patch for this vulnerability is included as part of v1.3.0.
Workarounds
No known workarounds.
AnalysisAI
Denial of service in nimiq-primitives (Nimiq blockchain core library) allows remote unauthenticated attackers to crash nodes via malformed peer-to-peer messages. Attackers announce election macro blocks containing invalid compressed BLS voting keys, triggering an unwrap() panic during header hash validation. Affects all versions prior to 1.3.0. CVSS 7.5 (High) with network attack vector and no complexity. No public exploit identified at time of analysis, but attack is trivial to execute given the network-accessible attack surface and lack of authentication requirements.
Technical ContextAI
This vulnerability affects nimiq-primitives, a Rust crate that implements core primitives for the Nimiq Albatross blockchain's peer-to-peer consensus protocol. Election macro blocks are critical consensus messages that define validator sets for proof-of-stake consensus. The vulnerability stems from CWE-252 (Unchecked Return Value) in the Validators::voting_keys() function, which calls uncompress().unwrap() on BLS (Boneh-Lynn-Shacham) compressed public keys without validating the compressed key bytes first. BLS signatures are used in blockchain consensus for validator voting. When a malicious peer announces an election macro block, the receiving node attempts to hash the block header, which involves deserializing the validators set. Invalid compressed BLS key bytes (not representing valid elliptic curve points) cause the unwrap() to panic, immediately terminating the node process. This violates Rust safety practices of handling Result types from cryptographic deserialization operations.
RemediationAI
Upgrade nimiq-primitives to version 1.3.0 or later, as confirmed by vendor release at https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0. The patch at https://github.com/nimiq/core-rs-albatross/commit/e10eaebcd7774e5da6d0ff5e88ed13503474f0ff adds proper validation of compressed BLS key bytes before decompression, replacing unwrap() with checked error handling. For Rust projects using nimiq-primitives as a dependency, update Cargo.toml to require version >=1.3.0 and run cargo update. No workarounds exist per vendor advisory. Compensating controls if immediate patching is impossible: (1) restrict peer-to-peer network access to trusted validator nodes only using firewall rules (blocks random malicious peers but limits decentralization and may violate blockchain network participation requirements), (2) implement external process monitoring to automatically restart crashed nodes (reduces downtime but does not prevent exploitation and may mask ongoing attacks), (3) deploy intrusion detection to alert on repeated node crashes (detection only, no prevention). All compensating controls have significant operational trade-offs and should be temporary measures only.
Same weakness CWE-252 – Unchecked Return Value
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25062
GHSA-7c4j-2m43-2mgh