7.5
CVE-2026-32605
- EPSS 0.46%
- Veröffentlicht 13.04.2026 18:54:58
- Zuletzt bearbeitet 24.04.2026 17:11:26
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Nimiq: Remote crash via off-by-one signer bounds check in proposal buffer
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.num_validators(). ProposalSender::send uses > instead of >= for the signer bounds check, so the equality case passes and reaches validators.get_validator_by_slot_band(signer), which panics with an out-of-bounds index before any signature verification runs. This issue has been fixed in version 1.3.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nimiq ≫ Nimiq Proof-of-stake SwPlatformrust Version < 1.3.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.46% | 0.365 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-193 Off-by-one Error
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0
https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-g99c-h7j7-rfhv
https://github.com/nimiq/core-rs-albatross/pull/3661
https://github.com/nimiq/core-rs-albatross/commit/9199364b60c7acae4219800d194bbe07d2997b8c