| id: GO-2024-2818 |
| modules: |
| - module: github.com/btcsuite/btcd |
| versions: |
| - fixed: 0.24.0 |
| vulnerable_at: 0.23.4 |
| packages: |
| - package: github.com/btcsuite/btcd/blockchain |
| symbols: |
| - BlockChain.calcSequenceLock |
| derived_symbols: |
| - BlockChain.CalcSequenceLock |
| - BlockChain.CheckConnectBlockTemplate |
| - BlockChain.ProcessBlock |
| - ValidateTransactionScripts |
| - txValidator.Validate |
| - package: github.com/btcsuite/btcd/txscript |
| symbols: |
| - opcodeCheckSequenceVerify |
| derived_symbols: |
| - Engine.Execute |
| - Engine.Step |
| summary: Consensus failures in github.com/btcsuite/btcd |
| description: |- |
| Incorrect implementation of the consensus rules outlined in BIP 68 and BIP 112 |
| making btcd susceptible to consensus failures. Specifically, it uses the |
| transaction version as a signed integer when it is supposed to be treated as |
| unsigned. There can be a chain split and loss of funds. |
| cves: |
| - CVE-2024-34478 |
| ghsas: |
| - GHSA-3jgf-r68h-xfqm |
| credits: |
| - Niklas Gögge |
| references: |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-34478 |
| - web: https://delvingbitcoin.org/t/disclosure-btcd-consensus-bugs-due-to-usage-of-signed-transaction-version/455 |
| - web: https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/blockchain/chain.go#L383C1-L392C3 |
| - web: https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/txscript/opcode.go#L1172C1-L1178C3 |
| - fix: https://github.com/btcsuite/btcd/pull/1981 |
| source: |
| id: GHSA-3jgf-r68h-xfqm |
| created: 2024-05-07T21:45:01.011365-07:00 |
