CNNVD-202509-4320 Information
CNNVD ID
CNNVD-202509-4320
Related CVE
- CNNVD Published: 2025-09-29
Description (Chinese)
Go implementation of Fast Finality in Filecoin是Filecoin开源的一个快速确认机制的Golang库。 Go implementation of Fast Finality in Filecoin 0.8.8及之前版本存在安全漏洞,该漏洞源于验证结果缓存机制未正确考虑消息上下文,可能导致攻击者绕过验证。
Description (English)
Go application of Fast Financiality in Filecoin is a Golang library of the Filecoin open source. There is a security loophole in the Go application of Fast Finance in Filecoin 0.8.8 and earlier versions, which stems from the fact that the Cache Mechanism for Validation Results did not properly consider the context of the information, which could lead the attackers to bypass the authentication.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Filecoin
Published
2025-09-29
Last Modified
2026-02-24
References
https://github.com/filecoin-project/go-f3/commit/76fff18cf07b21baccf537024bdb2fb41f75f6e2#diff-e1f646cea41790e1642e4e649c9e3c526344736d67222201703e1c29c23e9625 https://github.com/filecoin-project/go-f3/security/advisories/GHSA-7pq9-rf9p-wcrf
Patch
https://github.com/filecoin-project/go-f3/releases
Share on: