CVE-2018-18206

Name of the Vulnerable Software and Affected Versions Bytom versions prior to 1.0.6

Description The issue arises from improper validation of arguments in a query, which can lead to an out-of-bounds panic. This can be exploited as a vector for denial of service attacks, especially when processing queries from untrusted parties. The checkTopicRegister function in p2p/discover/net.go does not prevent negative idx values, resulting in a crash.

Recommendations For Bytom versions prior to 1.0.6, update to version 1.0.6 or later to resolve the issue. As a temporary workaround, consider restricting the input validation to prevent negative idx values in the checkTopicRegister function until a patch is available.