CVE-2026-34067
Assertion Panic in nimiq-transaction Proof Verification Causes DoS
Publication date: 2026-04-22
Last updated on: 2026-04-24
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nimiq | nimiq_proof-of-stake | to 1.3.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability causes a denial of service (application crash) when processing malformed proofs from untrusted network peers. It does not impact confidentiality, integrity, or availability beyond causing a crash.
Since the vulnerability does not lead to data leakage, unauthorized access, or data modification, it is unlikely to directly affect compliance with standards such as GDPR or HIPAA, which focus on protecting personal data privacy and security.
However, denial of service conditions could indirectly affect availability requirements under some regulations, but given the low CVSS impact score and limited scope, this impact is minimal.
How can this vulnerability impact me? :
An attacker controlling a malicious peer in the network can exploit this vulnerability to cause the application using nimiq-transaction to crash by sending a specially crafted proof with mismatched lengths.
This results in a denial of service (DoS) condition, where the affected software becomes unavailable or unstable due to the crash.
The CVSS score indicates a low severity impact (Base Score 3.1) with no confidentiality or integrity loss, but with low availability impact.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed in version 1.3.0 of nimiq-transaction. Immediate mitigation involves upgrading to version 1.3.0 or later.
No known workarounds are available.
Can you explain this vulnerability to me?
This vulnerability exists in the nimiq-transaction Rust implementation prior to version 1.3.0. Specifically, the function HistoryTreeProof::verify panics when it receives a malformed proof where the length of the history does not match the length of the positions. This mismatch triggers an assertion failure (assert_eq!(history.len(), positions.len())).
The proof object being verified is derived from untrusted peer-to-peer network responses, meaning an attacker controlling a malicious peer can craft a proof with this length mismatch. When the vulnerable code attempts to verify this malicious proof, it causes the program to crash.
This vulnerability was fixed in version 1.3.0 of nimiq-transaction. There are no known workarounds.