216.73.216.233

CVE-2026-33471

· Published 22/04/2026 20:16 · Modified 22/04/2026 21:23

Labels: CVE-2026-33471 2026-04-22CVE-2026-33471CWE-20[email protected]

Essential information

Published
22/04/2026 20:16
Modified
22/04/2026 21:23
Author
Creator
CVSS
9.6 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

CVSS metrics

Description

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each `usize` index to `u16` (`slot as u16`) for slot lookup. Prior to version 1.3.0, if an attacker can get a `SkipBlockProof` verified where `MultiSignature.signers` contains out-of-range indices spaced by 65536, these indices inflate `len()` but collide onto the same in-range `u16` slot during aggregation. This makes it possible for a malicious validator with far fewer than `2f+1` real signer slots to pass skip block proof verification by multiplying a single BLS signature by the same factor. The patch for this vulnerability is included as part of v1.3.0. No known workarounds are available.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
nimiq / nimiq-block cpe:2.3:a:nimiq:nimiq-block:<1.3.0:*:*:*:*:*:*:*

References