VYPR

Go modules package

github.com/filecoin-project/go-f3

pkg:golang/github.com/filecoin-project/go-f3

Vulnerabilities (2)

  • CVE-2025-59942Sep 29, 2025
    affected < 0.8.7fixed 0.8.7

    go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer

  • CVE-2025-59941Sep 29, 2025
    affected < 0.8.9fixed 0.8.9

    go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker ca