VDB
KO
LOW 3.7

GHSA-46wq-28cx-mhw4

nimiq-primitives: Panic in TrieProof::verify via child_index unwrap on equal-length keys

Details

### Impact

A malicious peer acting as a state-sync source can crash a syncing node by sending a crafted `TrieChunk` whose proof contains two `TrieProofNode`s with identical keys. `TrieProof::verify()` calls `TrieProofNode::child_index()` (`primitives/src/trie/trie_proof_node.rs:94`), which unconditionally unwraps `KeyNibbles::get(self.key.len())`. Because `is_prefix_of` returns `true` for two equal keys, execution reaches `get(len)`, which returns `None`, and the `unwrap()` panics.

The panic is reached from untrusted network input (`ResponseChunk` → `commit_chunks` → `put_chunk` → `proof.verify()`) **before** any cryptographic proof verification, so the attacker does not need to produce a valid proof. Exploitation requires the attacker to be selected as the victim's sync peer while the victim is performing state sync, and the resulting crash is transient (the node restarts and re-syncs).

Affected: core-rs-albatross <= 1.5.1 (`nimiq-primitives`).

### Patches

Fixed in **1.6.0** via https://github.com/nimiq/core-rs-albatross/pull/3789 (commit `41d35ace`). `child_index` now rejects equal-length keys and returns `MerkleRadixTrieError::WrongPrefix` instead of unwrapping.

### Workarounds

None other than syncing only from trusted peers. Upgrade to 1.6.0.

Are you affected?

Enter the version of the package you're using.

Affected packages

crates.io / nimiq-primitives
Introduced in: 0 Fixed in: 1.6.0

Upgrade nimiq-primitives to 1.6.0 or newer (ecosystem crates.io).

References