VYPR
High severity · NVD Advisory · Published Oct 10, 2018 · Updated Sep 16, 2024

CVE-2018-18206

Description

In the client in Bytom before 1.0.6, checkTopicRegister in p2p/discover/net.go does not prevent negative idx values, leading to a crash.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In Bytom before 1.0.6, checkTopicRegister fails to prevent negative idx values, causing a crash.

Vulnerability

In the Bytom client before version 1.0.6, the function checkTopicRegister in p2p/discover/net.go does not prevent negative idx values. This vulnerability can be triggered during peer discovery when handling topic registration messages [1]. The flaw exists in the peer-to-peer discovery subsystem of the Bytom blockchain client [2].

Exploitation

An attacker on the network can send a crafted message with a negative idx value to a vulnerable Bytom node. No authentication is required, as the discovery protocol accepts messages from any peer. This causes the peer's node process to crash [1][4].

Impact

Successful exploitation leads to a denial-of-service condition: the targeted Bytom node crashes, disrupting its participation in the blockchain network [1]. The crash is limited to the node process; no code execution or data compromise is indicated in available references.

Mitigation

Upgrade to Bytom version 1.0.6 or later, which includes the fix for this issue [1][4]. The fix was implemented in pull request #1307 on GitHub and merged into the codebase [4]. No workaround is available for unpatched versions.
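Why the original bounds check let the value through, shown as an added Go example (not Bytom's code). It assumes Idx is a uint, as the fix commit's message indicates, and uses a reduced topicRegister struct, a constructed input, and a hypothetical lookup caller that indexes Topics after the check.

```go
package main

import (
	"errors"
	"fmt"
)

// Reduced stand-in for the packet; Idx is unsigned per the commit message (assumption).
type topicRegister struct {
	Topics []string
	Idx    uint
}

var errRange = errors.New("topic index out of range")

// checkBefore is the pre-1.0.6 condition: Idx < 0 can never be true for a uint,
// and a wrapped negative int is not >= len(Topics), so the value passes.
func checkBefore(d *topicRegister) error {
	if d.Idx < 0 || int(d.Idx) >= len(d.Topics) {
		return errRange
	}
	return nil
}

// checkAfter is the patched condition: convert first, then test the sign.
func checkAfter(d *topicRegister) error {
	if int(d.Idx) < 0 || int(d.Idx) >= len(d.Topics) {
		return errRange
	}
	return nil
}

// lookup (hypothetical caller) indexes Topics once the check passes and
// reports a runtime panic through its result instead of crashing.
func lookup(check func(*topicRegister) error, d *topicRegister) (topic string, panicked bool, err error) {
	defer func() { panicked = recover() != nil }()
	if err = check(d); err != nil {
		return "", false, err
	}
	return d.Topics[int(d.Idx)], false, nil
}

func main() {
	d := &topicRegister{Topics: []string{"a", "b"}, Idx: ^uint(0)} // constructed; int(Idx) == -1
	_, before, _ := lookup(checkBefore, d)
	_, after, err := lookup(checkAfter, d)
	fmt.Println("before panicked:", before, "| after panicked:", after, "err:", err)
}
```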

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| github.com/bytom/bytom (Go) | < 1.0.6 | 1.0.6 |

Patches

1ac3c8ac4f2b

p2p/discv5: fix idx can be negative after uint convert to int(can cause crash) (#1307)

https://github.com/Bytom/bytom · yahtoo · Aug 31, 2018 · via ghsa
1 file changed · +1 −1
  • p2p/discover/net.go · +1 −1 · modified
    @@ -1221,7 +1221,7 @@ func (net *Network) checkTopicRegister(data *topicRegister) (*pong, error) {
     	if hash != pongpkt.data.(*pong).TopicHash {
     		return nil, errors.New("topic hash mismatch")
     	}
    -	if data.Idx < 0 || int(data.Idx) >= len(data.Topics) {
    +	if int(data.Idx) < 0 || int(data.Idx) >= len(data.Topics) {
     		return nil, errors.New("topic index out of range")
     	}
     	return pongpkt.data.(*pong), nil
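Review bot: the new condition `int(data.Idx) < 0 || int(data.Idx) >= len(data.Topics)` converts twice and depends on the unsigned value wrapping to a negative int, which is easy to misread and gives no hint why the sign test is there. Comparing in the unsigned domain, for example `if data.Idx >= uint(len(data.Topics))`, rejects the same inputs with a single comparison and no reliance on wraparound. If the two-sided form stays, a one-line comment noting that Idx is unsigned and why the conversion comes first would help, and since the commit touches only this one file, a regression test that feeds an Idx with the top bit set and expects "topic index out of range" is worth adding.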
    
