PT-2025-7640 — Allocation of Resources Without Limits in Apps Apps

PT-2025-7640 · Apps · Apps

Published

2025-02-20

Updated

2025-02-20

CVSS v4.0

9.2

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Name of the Vulnerable Software and Affected Versions apps versions prior to 1.1.0

Description A malicious transaction can cause a crash in mempool validation due to an integer overflow in signature verification. This occurs when a transaction's authorization section contains 256 public keys or more with valid matching signatures, triggering the node to panic.

Recommendations For versions prior to 1.1.0, upgrade to version 1.1.0 to fix the mempool validation and avoid overflow.

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

GHSA-82VG-5V4F-F9WQ

Affected Products

Apps

PT-2025-7640 · Apps · Apps

Weakness Enumeration

Related Identifiers

Affected Products

References · 3