GO-2024-3189

Source
https://pkg.go.dev/vuln/GO-2024-3189
Import Source
https://vuln.go.dev/ID/GO-2024-3189.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2024-3189
Aliases
Published
2024-10-15T18:38:57Z
Modified
2024-10-17T14:56:24Z
Summary
Consensus failure in github.com/btcsuite/btcd
Details

The btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core's 'FindAndDelete()' functionality, causing discrepancies in the validation of Bitcoin blocks. This can lead to a chain split (accepting an invalid block) or Denial of Service (DoS) attacks (rejecting a valid block). An attacker can trigger this vulnerability by constructing a 'standard' Bitcoin transaction that exhibits different behaviors in 'FindAndDelete()' and 'removeOpcodeByData()'.

Database specific
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2024-3189"
}
References
Credits
    • darosior
    • dergoegge

Affected packages

Go / github.com/btcsuite/btcd

Package

Name
github.com/btcsuite/btcd
View open source insights on deps.dev
Purl
pkg:golang/github.com/btcsuite/btcd

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.24.2-beta.rc1

Ecosystem specific

{
    "custom_ranges": [
        {
            "events": [
                {
                    "introduced": "0.10.0"
                }
            ],
            "type": "ECOSYSTEM"
        }
    ],
    "imports": [
        {
            "path": "github.com/btcsuite/btcd/txscript",
            "symbols": [
                "Engine.Execute",
                "Engine.Step",
                "VerifyTaprootKeySpend",
                "baseSegwitSigVerifier.Verify",
                "baseSigVerifier.Verify",
                "baseTapscriptSigVerifier.Verify",
                "opcodeCheckMultiSig",
                "opcodeCheckSig",
                "opcodeCheckSigAdd",
                "opcodeCodeSeparator",
                "removeOpcodeByData",
                "taprootSigVerifier.Verify"
            ]
        }
    ]
}