Go modules package
github.com/filecoin-project/go-f3
pkg:golang/github.com/filecoin-project/go-f3
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-59942 | — | < 0.8.7 | 0.8.7 | Sep 29, 2025 | go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer | ||
| CVE-2025-59941 | — | < 0.8.9 | 0.8.9 | Sep 29, 2025 | go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker ca |
- CVE-2025-59942Sep 29, 2025affected < 0.8.7fixed 0.8.7
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer
- CVE-2025-59941Sep 29, 2025affected < 0.8.9fixed 0.8.9
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker ca