GHSA-82vg-5v4f-f9wq
Suggest an improvement- Source
- https://github.com/advisories/GHSA-82vg-5v4f-f9wq
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-82vg-5v4f-f9wq/GHSA-82vg-5v4f-f9wq.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-82vg-5v4f-f9wq
- Published
- 2025-02-20T20:33:56Z
- Modified
- 2025-02-20T20:33:56Z
- Severity
-
- 9.2 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H CVSS Calculator
- Summary
- Namada-apps can Crash with Excessive Computation in Mempool Validation
- Details
-
Impact
A malicious transaction may cause a crash in mempool validation.
A transaction with authorization section containing 256 public keys or more with valid matching signatures triggers an integer overflow in signature verification that causes a the node to panic.
Patches
This issue has been patched in apps version 1.1.0. The mempool validation has been fixed to avoid overflow.
Workarounds
There are no workarounds and users are advised to upgrade.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-770" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2025-02-20T20:33:56Z" }- References
Affected packages
crates.io / namada-apps
Package
- Name
- namada-apps
- View open source insights on deps.dev
- Purl
- pkg:cargo/namada-apps