CNNVD-202512-428 Information
CNNVD ID
CNNVD-202512-428
Related CVE
- CNNVD Published: 2025-12-04
Description (Chinese)
Taiko Alethia是Taiko Labs开源的一个用于实现Taiko Layer 2网络的基于以太坊的ZK-EVM Rollup协议的软件集合。 Taiko Alethia 2.3.1及之前版本存在输入验证错误漏洞,该漏洞源于TaikoInbox._verifyBatches函数在未确认批次验证状态时提前更新tid值,可能导致已验证链指针损坏。
Description (English)
Taiko Alethia is a collection of software based on the ZK-EVM Rollup protocol for achieving the Taiko Layer 2 network. Taiko Alethia 2.3.1 and previous versions have input authentication error holes, which stem from the early update of the tid values by the TaikoInbox. verifyBatches function when the batch authentication status is not confirmed, which may cause damage to the proven chain pointer.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
Taiko Labs
Published
2025-12-04
Last Modified
2026-02-24
References
https://github.com/taikoxyz/taiko-mono/commit/379f5cb4ffe9e1945563ab2c7740bc9f4ea004d8 https://github.com/taikoxyz/taiko-mono/security/advisories/GHSA-5mxh-r33p-6h5x
Patch
https://github.com/taikoxyz/taiko-mono/releases
Share on: