Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2Blast Radius
ecosystem impact- 19 cargo packages depend on nimiq-keys (15 direct, 4 indirect)
Ecosystem-wide dependent count for version 0.2.0.
DescriptionGitHub Advisory
Impact
A malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record containing a TaggedSigned<ValidatorRecord, KeyPair> with a signature field whose byte length is not exactly 64. When the victim node's DHT verifier calls TaggedSigned::verify, execution reaches Ed25519Signature::from_bytes(sig).unwrap() in the TaggedPublicKey implementation for Ed25519PublicKey. The from_bytes call fails because ed25519_zebra::Signature::try_from rejects slices not 64 bytes, and the unwrap() panics. The BLS TaggedPublicKey implementation correctly returns false on error; only the Ed25519 implementation panics.
Patches
The patch for this vulnerability is formally released as part of v1.4.0.
Workarounds
No known workarounds.
Resources
See PR.
AnalysisAI
Remote denial-of-service vulnerability in Nimiq full nodes allows unauthenticated attackers to crash nodes by publishing malformed Kademlia DHT records with incorrect Ed25519 signature lengths. The vulnerability triggers a panic in the Ed25519 signature verification code when processing DHT records with signatures not exactly 64 bytes. Vendor-released patch: v1.4.0.
Technical ContextAI
The vulnerability exists in the nimiq-keys Rust crate, specifically in the TaggedPublicKey implementation for Ed25519 signatures. When verifying signatures from DHT records, the code calls Ed25519Signature::from_bytes(sig).unwrap() without first checking that the signature slice is exactly 64 bytes. The ed25519_zebra library's try_from method returns an error for non-64-byte slices, causing the unwrap() to panic. This represents a CWE-252 (Unchecked Return Value) where error handling is missing for invalid input lengths.
RemediationAI
Vendor-released patch: v1.4.0 of core-rs-albatross includes the fix that adds proper error handling for invalid signature lengths. Administrators should upgrade to v1.4.0 or later immediately. The patch modifies the Ed25519 TaggedPublicKey::verify implementation to return false instead of panicking when signature validation fails. No workarounds are available according to the vendor. Patch details are available at https://github.com/nimiq/core-rs-albatross/pull/3708 and the release at https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0.
Same weakness CWE-252 – Unchecked Return Value
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31197
GHSA-27w2-87xv-37c6