Nimiq Blockchain
Approved changes feed: RSS · Atom
cpe:2.3:a:nimiq:nimiq-blockchain:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Nimiq (a6c6d398-2780-5e77-a82f-ca37478d870d) |
|---|---|
| Product | Nimiq Blockchain (4738f0b1-7c46-567f-86f4-d0c0f9b7dc05) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-34066 |
vulnerable | 2026-06-08 07:59:11.731402 |
nimiq-blockchain: Peer-triggerable panic during history sync
MEDIUM (5.3)
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStore::put_historic_txns` uses an `assert!` to enforce invariants about `HistoricTransaction.block_number` (must be within the macro block being pushed and within the same epoch). During history sync, a peer can influence the `history: &[HistoricTransaction]` input passed into `Blockchain::push_history_sync`, and a malformed history list can violate these invariants and trigger a panic. `extend_history_sync` calls `this.history_store.add_to_history(..)` before comparing the computed history root against the macro block header (`block.history_root()`), so the panic can happen before later rejection checks run. The patch for this vulnerability is included as part of v1.3.0. No known workarounds are available.
Published: 2026-04-22T19:47:49.249Z
Updated: 2026-04-23T12:57:06.467Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.