VYPR

Go F3

by Filecoin Project

Source repositories

CVEs (2)

  • CVE-2025-59942Sep 29, 2025
    risk 0.00cvss epss 0.00

    go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer…

  • CVE-2025-59941Sep 29, 2025
    risk 0.00cvss epss 0.00

    go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker…