CVE-2024-34478

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-34478
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34478.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-34478
Aliases
Published
2024-05-05T01:15:06Z
Modified
2025-02-19T03:36:21.730303Z
Summary
[none]
Details

btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it treats the transaction version as a signed integer when it is supposed to be treated as unsigned. This can result in a chain split and loss of funds.

References

Affected packages

Git / github.com/btcsuite/btcd

Affected ranges

Type
GIT
Repo
https://github.com/btcsuite/btcd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

BTCD_0_10_0_BETA
BTCD_0_11_0_BETA
BTCD_0_11_1_BETA
BTCD_0_12_0_BETA
BTCD_0_3_0_ALPHA
BTCD_0_3_1_ALPHA
BTCD_0_3_2_ALPHA
BTCD_0_3_3_ALPHA
BTCD_0_4_0_ALPHA
BTCD_0_5_0_ALPHA
BTCD_0_6_0_ALPHA
BTCD_0_7_0_ALPHA
BTCD_0_8_0_BETA
BTCD_0_9_0_BETA

btcec/v2.*

btcec/v2.0.0
btcec/v2.1.0
btcec/v2.1.1
btcec/v2.1.2
btcec/v2.1.3
btcec/v2.2.0
btcec/v2.2.1
btcec/v2.3.0
btcec/v2.3.1
btcec/v2.3.2

btcutil/psbt/v1.*

btcutil/psbt/v1.0.0
btcutil/psbt/v1.1.0
btcutil/psbt/v1.1.1
btcutil/psbt/v1.1.2
btcutil/psbt/v1.1.3
btcutil/psbt/v1.1.4
btcutil/psbt/v1.1.5
btcutil/psbt/v1.1.6
btcutil/psbt/v1.1.7
btcutil/psbt/v1.1.8
btcutil/psbt/v1.1.9

btcutil/v1.*

btcutil/v1.0.0
btcutil/v1.1.0
btcutil/v1.1.1
btcutil/v1.1.2
btcutil/v1.1.3
btcutil/v1.1.4
btcutil/v1.1.5

chaincfg/chainhash/v1.*

chaincfg/chainhash/v1.0.0
chaincfg/chainhash/v1.0.1
chaincfg/chainhash/v1.0.2
chaincfg/chainhash/v1.0.3
chaincfg/chainhash/v1.1.0

v0.*

v0.20.0-beta
v0.20.1-beta
v0.21.0-beta
v0.22.0-beta
v0.23.0
v0.23.1
v0.23.2
v0.23.3
v0.23.4