Vulnerability Description
btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Btcd Project | Btcd | < 0.24.0 |
Related Weaknesses (CWE)
References
- https://delvingbitcoin.org/t/disclosure-btcd-consensus-bugs-due-to-usage-of-signIssue Tracking
- https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/bProduct
- https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/tProduct
- https://delvingbitcoin.org/t/disclosure-btcd-consensus-bugs-due-to-usage-of-signIssue Tracking
- https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/bProduct
- https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/tProduct
FAQ
What is CVE-2024-34478?
CVE-2024-34478 is a vulnerability with a CVSS score of 7.5 (HIGH). btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a sign...
How severe is CVE-2024-34478?
CVE-2024-34478 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-34478?
Check the references section above for vendor advisories and patch information. Affected products include: Btcd Project Btcd.