VYPR
High severity 7.5 · GHSA Advisory · Published May 15, 2026

nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT

CVE-2026-40092

Description

Impact

A malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record containing a TaggedSigned<ValidatorRecord, KeyPair> whose signature field is not exactly 64 bytes long. When the victim node's DHT verifier calls TaggedSigned::verify, execution reaches Ed25519Signature::from_bytes(sig).unwrap() in the TaggedPublicKey implementation for Ed25519PublicKey. The from_bytes call returns an error because ed25519_zebra::Signature::try_from rejects any slice that is not exactly 64 bytes long, and the unwrap() on that error panics. The BLS TaggedPublicKey implementation correctly returns false on error; only the Ed25519 implementation panics.

Patches

The patch for this vulnerability is formally released as part of v1.4.0.

Workarounds

No known workarounds.

Resources

See PR.

Patches

807ee8e99a7c

Fix TaggedPublicKey::verify panic on invalid signature length

https://github.com/nimiq/core-rs-albatross · Jose Daniel Hernandez · Apr 8, 2026 · via ghsa
1 file changed · +37 -1
  • keys/src/tagged_signing.rs +37 -1 modified
    @@ -12,6 +12,42 @@ impl TaggedKeyPair for KeyPair {
     
     impl TaggedPublicKey for Ed25519PublicKey {
         fn verify(&self, msg: &[u8], sig: &[u8]) -> bool {
    -        self.verify(&Ed25519Signature::from_bytes(sig).unwrap(), msg)
    +        let Ok(signature) = Ed25519Signature::from_bytes(sig) else {
    +            return false;
    +        };
    +
    +        self.verify(&signature, msg)
    +    }
    +}
    +
    +#[cfg(test)]
    +mod tests {
    +    use nimiq_test_log::test;
    +    use nimiq_test_utils::test_rng;
    +
    +    use super::*;
    +    use crate::SecureGenerate;
    +
    +    #[test]
    +    fn tagged_verify_rejects_invalid_signature_lengths() {
    +        let keypair = KeyPair::generate(&mut test_rng(false));
    +        let message = b"test message";
    +        let signature = keypair.sign(message);
    +
    +        assert!(TaggedPublicKey::verify(
    +            &keypair.public,
    +            message,
    +            &signature.to_bytes(),
    +        ));
    +        assert!(!TaggedPublicKey::verify(
    +            &keypair.public,
    +            message,
    +            &[0u8; Ed25519Signature::SIZE - 1],
    +        ));
    +        assert!(!TaggedPublicKey::verify(
    +            &keypair.public,
    +            message,
    +            &[0u8; Ed25519Signature::SIZE + 1],
    +        ));
         }
     }
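
Review bot: The regression test tagged_verify_rejects_invalid_signature_lengths only exercises SIZE - 1 and SIZE + 1, so it would still pass if some other malformed length slipped through a future refactor. Add the empty slice (&[]) as a case, since that is the simplest malformed value a peer-supplied record can carry, and add a correctly sized but wrong signature (for example &[0u8; Ed25519Signature::SIZE], or the valid signature checked against a different message) so the test also pins that the false result on the 64-byte path comes from verification and not only from the length check. Separately, the new early return in verify is silent: a short doc comment on the method stating that a malformed signature yields false and never panics would record the contract that the BLS implementation already follows, and would make a reintroduced unwrap() on peer-controlled bytes easier to catch in review.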
    
