Home > Vulnerability Database > CVE-2024-34478

Mend.io Vulnerability Database

CVE-2024-34478

Good to know:

Date: May 4, 2024

btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds.

Language: Go

Severity Score

6.5

Related Resources (9)

Url: https://delvingbitcoin.org/t/disclosure-btcd-consensus-bugs-due-to-usage-of-signed-transaction-version/455

Url: https://github.com/btcsuite/btcd/commit/253b688c68b89eca7eb75d4d5443dbdbc928db3c

Url: https://pkg.go.dev/vuln/GO-2024-2818

Url: https://github.com/btcsuite/btcd

Url: https://github.com/btcsuite/btcd/pull/1981

Url: https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/txscript/opcode.go#L1172C1-L1178C3

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-34478

Url: https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/blockchain/chain.go#L383C1-L392C3

Url: https://www.mend.io/vulnerability-database/CVE-2024-34478

Severity Score

6.5

Weakness Type (CWE)

Interpretation Conflict

CWE-436

Top Fix

Upgrade Version

Upgrade to version github.com/btcsuite/btcd - v0.24.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-34478

Good to know:

Date: May 4, 2024

Language: Go

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?