GHSA-82vg-5v4f-f9wq: Namada-apps can Crash with Excessive Computation in Mempool Validation

February 20, 2025

A malicious transaction may cause a crash in mempool validation.

A transaction with authorization section containing 256 public keys or more with valid matching signatures triggers an integer overflow in signature verification that causes a the node to panic.

References

github.com/advisories/GHSA-82vg-5v4f-f9wq
github.com/anoma/namada
github.com/anoma/namada/security/advisories/GHSA-82vg-5v4f-f9wq

Code Behaviors & Features

Detect and mitigate GHSA-82vg-5v4f-f9wq with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →