Homepage
About Snyk

Race Condition Affecting github.com/btcsuite/btcd/txscript package, versions <0.24.0

Severity

 Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.05% (17th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-GOLANG-GITHUBCOMBTCSUITEBTCDTXSCRIPT-6808763
  • published 5 May 2024
  • disclosed 5 May 2024
  • credit Guido Vranken
Report a new vulnerability Found a mistake?

Introduced: 5 May 2024

CVE-2024-34478 Open this link in a new tab
CWE-362 Open this link in a new tab

How to fix?

Upgrade github.com/btcsuite/btcd/txscript to version 0.24.0 or higher.

Overview

Affected versions of this package are vulnerable to Race Condition due to the incorrect implementation of consensus rules as outlined in BIP 68 and BIP 112, specifically by treating the transaction version as a signed integer instead of unsigned. This misinterpretation can lead to a chain split and potential loss of funds by creating a discrepancy in the network consensus.

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
7 high
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    High
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    Low
  • Integrity (I)
    High
  • Availability (A)
    Low