CVE-2026-33471
Integer Overflow in Nimiq Rust SkipBlockProof Enables Signature Forgery
Publication date: 2026-04-22
Last updated on: 2026-04-24
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nimiq | nimiq_proof-of-stake | before 1.3.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-345 | The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-1284 | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the nimiq-block Rust implementation, specifically in the SkipBlockProof::verify function. This function uses BitSet.len() to compute a quorum check and then casts each BitSet index from usize to u16 for slot lookup. Before version 1.3.0, an attacker could craft a SkipBlockProof where MultiSignature.signers contains out-of-range indices spaced by 65536. These out-of-range indices artificially inflate the length count but collide onto the same in-range u16 slot during aggregation.
This flaw allows a malicious validator with fewer than the required 2f+1 real signer slots to pass the skip block proof verification by effectively multiplying a single BLS signature multiple times, bypassing the intended quorum check.
The vulnerability was fixed in version 1.3.0 of nimiq-block, and no known workarounds exist.
How can this vulnerability impact me?
This vulnerability can allow a malicious validator to bypass the quorum verification process by faking the number of valid signers. As a result, an attacker with fewer than the required number of signatures can pass the skip block proof verification.
The impact includes the potential for unauthorized block acceptance or manipulation within the Nimiq blockchain system, which can compromise the integrity and reliability of the blockchain consensus.
Because the attacker can cause the system to accept invalid proofs, this could lead to denial of service, data integrity issues, or other attacks that undermine the blockchain's security.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed in nimiq-block version 1.3.0. Immediate mitigation involves upgrading to version 1.3.0 or later.
No known workarounds are available, so applying the patch is the recommended step.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves crafted SkipBlockProof messages containing MultiSignature.signers with out-of-range indices spaced by 65536 that bypass quorum checks. Detection involves inspecting SkipBlockProof multisignature signers for invalid or out-of-range slot indices that artificially inflate the BitSet length.
Since the vulnerability is specific to the internal BitSet indices used in the Rust implementation of Nimiq's block verification, detection requires analyzing the signer BitSet in SkipBlockProof messages to verify that all signer slot indices are within the valid range defined by Policy::SLOTS (less than the maximum allowed slots and within u16 limits).
There are no known direct network scanning commands or simple system commands to detect this vulnerability externally because it is a logic flaw in signature verification within the software. Detection would require either:
- Instrumenting or patching the Nimiq node software to log or reject SkipBlockProofs with invalid signer indices, as done in the patch introducing the `checked_signer_slots()` function.
- Reviewing logs for error messages related to failed signer slot validation during proof verification.
If you have access to the source or runtime environment, you could add debugging or logging around the verification function to detect signer BitSets containing indices >= Policy::SLOTS or indices that differ by multiples of 65536.
In summary, detection requires internal validation of signer slot indices in SkipBlockProofs and related multisignature proofs, which is implemented in the patched version 1.3.0. No simple external commands are available to detect this vulnerability on a network or system without such instrumentation.
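The count/lookup mismatch from the explanation above, and the signer-index validation this answer calls for, as an added Rust model that is not Nimiq's code. `SLOTS = 512`, the function names and the sample indices are assumptions made for the example.

```rust
use std::collections::BTreeSet;

// Assumed for illustration: the page names Policy::SLOTS but gives no value.
const SLOTS: usize = 512;
const TWO_F_PLUS_ONE: usize = (2 * SLOTS + 2) / 3; // ceil(2 * SLOTS / 3)

#[derive(Debug, PartialEq)]
struct OutOfRange(usize);

/// Model of the flawed logic: quorum is judged on the raw index count, while
/// slot lookup truncates each index to u16. Returns (passes, distinct slots).
fn naive_quorum(signers: &BTreeSet<usize>) -> (bool, usize) {
    let slots: BTreeSet<u16> = signers.iter().map(|&i| i as u16).collect();
    (signers.len() >= TWO_F_PLUS_ONE, slots.len())
}

/// Hardened form: range-check every index before narrowing it, so the
/// count and the slot lookup can never disagree.
fn checked_slots(signers: &BTreeSet<usize>) -> Result<Vec<u16>, OutOfRange> {
    signers
        .iter()
        .map(|&i| {
            u16::try_from(i)
                .ok()
                .filter(|&s| usize::from(s) < SLOTS)
                .ok_or(OutOfRange(i))
        })
        .collect()
}

fn checked_quorum(signers: &BTreeSet<usize>) -> Result<bool, OutOfRange> {
    Ok(checked_slots(signers)?.len() >= TWO_F_PLUS_ONE)
}

/// Detection helper: indices worth logging before a proof is rejected.
fn suspicious_indices(signers: &BTreeSet<usize>) -> Vec<usize> {
    signers.iter().copied().filter(|&i| i >= SLOTS).collect()
}

fn main() {
    // Constructed sample: slot 7 plus indices that alias it modulo 65536.
    let crafted: BTreeSet<usize> = (0..TWO_F_PLUS_ONE).map(|k| 7 + k * 65_536).collect();
    println!("naive:   {:?}", naive_quorum(&crafted));
    println!("checked: {:?}", checked_quorum(&crafted));
    println!("flagged: {} indices", suspicious_indices(&crafted).len());
}
```

The naive model reports a passing quorum backed by a single distinct slot, while the checked path rejects the set at the first index that is not below `SLOTS`.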