Skip to content

Validator parsing discrepancy due to string encoding

Critical
jcramer published GHSA-wmx6-vxcf-c3gr Nov 15, 2019

Package

npm slp-validate (npm)

Affected versions

1.0.0

Patched versions

1.0.1

Description

Impact

A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the [email protected] npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus.

Patches

All versions >1.0.0 have been patched.

Workarounds

Upgrade to any version > 1.0.0.

References

The bug was located and fixed here.

For more information

If you have any questions or comments about this advisory:

Severity

Critical

CVE ID

CVE-2019-16761

Weaknesses

No CWEs