CVE-2026-33471

EPSS 0.22%
Veröffentlicht 22.04.2026 19:13:04
Zuletzt bearbeitet 24.04.2026 17:11:40
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each `usize` index to `u16` (`slot as u16`) for slot lookup. Prior to version 1.3.0, if an attacker can get a `SkipBlockProof` verified where `MultiSignature.signers` contains out-of-range indices spaced by 65536, these indices inflate `len()` but collide onto the same in-range `u16` slot during aggregation. This makes it possible for a malicious validator with far fewer than `2f+1` real signer slots to pass skip block proof verification by multiplying a single BLS signature by the same factor. The patch for this vulnerability is included as part of v1.3.0. No known workarounds are available.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 4 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nimiq ≫ Nimiq Proof-of-stake SwPlatformrust Version < 1.3.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.12

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	9.6	3.1	5.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0

Release Notes

https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-6973-8887-87ff

Patch

Vendor Advisory

https://github.com/nimiq/core-rs-albatross/commit/d02059053181ed8ddad6b59a0adfd661ef5cd823

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-33471

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-33471

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-33471

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-33471