An authenticated user can supply crafted input that bypasses validation, allowing arbitrary system‑level command execution. This is a classic remote code‑execution flaw that can immediately compromise the underlying OS.
- CVE‑2025‑59942 – go‑f3 0.8.6 and below
The node crashes (panic) when validating specially‑crafted “poison” messages. A malicious actor can trigger this DoS simply by sending such a message to any target, potentially shutting down a Filecoin node.
- CVE‑2025‑59941 – go‑f3 0.8.8 and below
Justification verification results are cached without contextual checks, enabling an attacker to replay a valid justification in an unrelated message context. This effectively bypasses security checks and can allow unauthorized actions on the network.
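
The caching pattern described for CVE‑2025‑59941, as an added sketch that is not go‑f3's code: a verification cache keyed on the justification alone, next to one whose key also binds the message context. The `Message` fields, `fullVerify` and the `Cache` type are hypothetical, and the sample messages are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Message is a hypothetical shape for illustration, not a go-f3 type.
type Message struct {
	Instance     uint64 // context the message claims
	JustInstance uint64 // instance the justification was issued for
	JustSig      []byte // constructed stand-in for the signature data
}

// fullVerify stands in for the expensive check, including the contextual rule.
func fullVerify(m Message) bool { return len(m.JustSig) > 0 && m.JustInstance == m.Instance }

type Cache struct {
	bindContext bool // false: key on the justification alone (the flawed pattern)
	seen        map[[32]byte]bool
}
func NewCache(bind bool) *Cache { return &Cache{bind, map[[32]byte]bool{}} }

// key hashes the justification; with bindContext it also hashes the message context.
func (c *Cache) key(m Message) [32]byte {
	var buf []byte
	if c.bindContext {
		buf = binary.BigEndian.AppendUint64(buf, m.Instance)
	}
	buf = binary.BigEndian.AppendUint64(buf, m.JustInstance)
	return sha256.Sum256(append(buf, m.JustSig...))
}

// Accept skips fullVerify on a cache hit, so the key decides what a hit means.
func (c *Cache) Accept(m Message) bool {
	k := c.key(m)
	if !c.seen[k] && fullVerify(m) {
		c.seen[k] = true
	}
	return c.seen[k]
}

func main() {
	good := Message{Instance: 7, JustInstance: 7, JustSig: []byte("constructed-sig")}
	replay := Message{Instance: 9, JustInstance: 7, JustSig: good.JustSig}
	for _, c := range []*Cache{NewCache(false), NewCache(true)} {
		fmt.Println("bindContext:", c.bindContext, "good:", c.Accept(good), "replay:", c.Accept(replay))
	}
}
```

With the context bound into the key, the replayed message misses the cache and falls through to the full check, which rejects it.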
These three defects pose the highest immediate risk (remote code execution, DoS, and security bypass) and should be patched or mitigated as soon as possible.