PT-2026-42671 · Crates.Io · Nimiq-Blockchain
Published
2026-05-21
·
Updated
2026-05-21
·
CVE-2026-46543
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Impact
A remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls
get epoch chunks which iterates backwards through macro blocks using Policy::macro block before. When it reaches the genesis block number, macro block before panics with "No macro blocks before genesis block".Patches
The patch for this vulnerability is formally released as part of v1.5.0.
Workarounds
No Workaround, although requesting the genesis batch set is not used during normal operation.
Resources
See PR.
Fix
Assertion Failure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nimiq-Blockchain