Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
go-f3 module vulnerable to integer overflow leading to panic
Vulnerability Description
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation, which can cause the whole node to crash. These malicious messages aren't self-propagating since the bug is in the validator. An attacker needs to directly send the message to all targets. This issue is fixed in version 0.8.7.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
整数溢出或超界折返
Vulnerability Title
Go implementation of Fast Finality in Filecoin 输入验证错误漏洞
Vulnerability Description
Go implementation of Fast Finality in Filecoin是Filecoin开源的一个快速确认机制的Golang库。 Go implementation of Fast Finality in Filecoin 0.8.6及之前版本存在输入验证错误漏洞,该漏洞源于验证特制消息时存在整数溢出,可能导致节点崩溃。
CVSS Information
N/A
Vulnerability Type
N/A