VYPR
Vendor

Filecoin Project

Products
2
CVEs
3
Across products
3
Status
Private

Products

2

Recent CVEs

3
  • CVE-2025-59942Sep 29, 2025
    risk 0.00cvss epss 0.00

    go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer…

  • CVE-2025-59941Sep 29, 2025
    risk 0.00cvss epss 0.00

    go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker…

  • CVE-2021-21405MedApr 15, 2021
    risk 0.00cvss 5.9epss 0.01

    Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2…