Description
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation, which can cause the whole node to crash. These malicious messages aren't self-propagating since the bug is in the validator. An attacker needs to directly send the message to all targets. This issue is fixed in version 0.8.7.
INFO
Published Date :
2025-09-29T22:50:36.462Z
Last Modified :
2025-09-30T13:51:13.530Z
Source :
GitHub_M
AFFECTED PRODUCTS
The following products are affected by CVE-2025-59942 vulnerability.
| Vendors | Products |
|---|---|
| Filecoin |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59942.