Race Condition Affecting github.com/btcsuite/btcd/blockchain package, versions <0.24.0


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.05% (17th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-GOLANG-GITHUBCOMBTCSUITEBTCDBLOCKCHAIN-6808762
  • published 5 May 2024
  • disclosed 5 May 2024
  • credit Guido Vranken

How to fix?

Upgrade github.com/btcsuite/btcd/blockchain to version 0.24.0 or higher.

Overview

Affected versions of this package are vulnerable to Race Condition due to the incorrect implementation of consensus rules as outlined in BIP 68 and BIP 112, specifically by treating the transaction version as a signed integer instead of unsigned. This misinterpretation can lead to a chain split and potential loss of funds by creating a discrepancy in the network consensus.

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
7 high
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    High
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    Low
  • Integrity (I)
    High
  • Availability (A)
    Low