Moderate severityNVD Advisory· Published May 5, 2024· Updated Aug 7, 2024
CVE-2024-34478
CVE-2024-34478
Description
btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/btcsuite/btcdGo | < 0.24.0 | 0.24.0 |
Affected products
2Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-3jgf-r68h-xfqmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-34478ghsaADVISORY
- delvingbitcoin.org/t/disclosure-btcd-consensus-bugs-due-to-usage-of-signed-transaction-version/455ghsaWEB
- github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/blockchain/chain.goghsaWEB
- github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/txscript/opcode.goghsaWEB
- github.com/btcsuite/btcd/commit/253b688c68b89eca7eb75d4d5443dbdbc928db3cghsaWEB
- github.com/btcsuite/btcd/pull/1981ghsaWEB
- pkg.go.dev/vuln/GO-2024-2818ghsaWEB
News mentions
0No linked articles in our index yet.