CVE-2024-34478

{"id": "CVE-2024-34478", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-05-05T01:15:06.320", "references": [{"url": "https://delvingbitcoin.org/t/disclosure-btcd-consensus-bugs-due-to-usage-of-signed-transaction-version/455", "tags": ["Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/blockchain/chain.go#L383C1-L392C3", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/txscript/opcode.go#L1172C1-L1178C3", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://delvingbitcoin.org/t/disclosure-btcd-consensus-bugs-due-to-usage-of-signed-transaction-version/455", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/blockchain/chain.go#L383C1-L392C3", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/txscript/opcode.go#L1172C1-L1178C3", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-436"}]}], "descriptions": [{"lang": "en", "value": "btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds."}, {"lang": "es", "value": "btcd anterior a 0.24.0 no implementa correctamente las reglas de consenso descritas en BIP 68 y BIP 112, lo que lo hace susceptible a fallas de consenso. Espec\u00edficamente, utiliza la versi\u00f3n de la transacci\u00f3n como un entero con signo cuando se supone que debe tratarse como sin signo. Puede haber una divisi\u00f3n de la cadena y una p\u00e9rdida de fondos."}], "lastModified": "2025-08-21T15:42:23.163", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:btcd_project:btcd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1A28966-956A-4EF6-B2B3-FF6B74BB2B97", "versionEndExcluding": "0.24.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}