Description

go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation, which can cause the whole node to crash. These malicious messages aren't self-propagating since the bug is in the validator. An attacker needs to directly send the message to all targets. This issue is fixed in version 0.8.7.

INFO

Published Date :

2025-09-29T22:50:36.462Z

Last Modified :

2025-09-30T13:51:13.530Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-59942 vulnerability.

Vendors Products
Filecoin
  • Go-f3
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59942.

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact