Approved changes feed: RSS · Atom

cpe:2.3:a:nimiq:nimiq-primitives:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorNimiq (a6c6d398-2780-5e77-a82f-ca37478d870d)
ProductNimiq Primitives (f3aa3830-d966-55ee-a8d6-17c300a08c15)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2026-34065 vulnerable 2026-06-08 07:59:11.729861 nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals
HIGH (7.5)
nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose `validators` set contains an invalid compressed BLS voting key. Hashing an election macro header hashes `validators` and reaches `Validators::voting_keys()`, which calls `validator.voting_key.uncompress().unwrap()` and panics on invalid bytes. The patch for this vulnerability is included as part of v1.3.0. No known workarounds are available.
Published: 2026-04-22T19:45:01.171Z
Updated: 2026-04-23T14:17:01.654Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.