GHSA-46wq-28cx-mhw4
nimiq-primitives: Panic in TrieProof::verify via child_index unwrap on equal-length keys
Details
### Impact
A malicious peer acting as a state-sync source can crash a syncing node by sending a crafted `TrieChunk` whose proof contains two `TrieProofNode`s with identical keys. `TrieProof::verify()` calls `TrieProofNode::child_index()` (`primitives/src/trie/trie_proof_node.rs:94`), which unconditionally unwraps `KeyNibbles::get(self.key.len())`. Because `is_prefix_of` returns `true` for two equal keys, execution reaches `get(len)`, which returns `None`, and the `unwrap()` panics.
The panic is reached from untrusted network input (`ResponseChunk` → `commit_chunks` → `put_chunk` → `proof.verify()`) **before** any cryptographic proof verification, so the attacker does not need to produce a valid proof. Exploitation requires the attacker to be selected as the victim's sync peer while the victim is performing state sync, and the resulting crash is transient (the node restarts and re-syncs).
Affected: core-rs-albatross <= 1.5.1 (`nimiq-primitives`).
### Patches
Fixed in **1.6.0** via https://github.com/nimiq/core-rs-albatross/pull/3789 (commit `41d35ace`). `child_index` now rejects equal-length keys and returns `MerkleRadixTrieError::WrongPrefix` instead of unwrapping.
### Workarounds
None other than syncing only from trusted peers. Upgrade to 1.6.0.
Are you affected?
Enter the version of the package you're using.
Affected packages
0 Fixed in: 1.6.0 Upgrade nimiq-primitives to 1.6.0 or newer (ecosystem crates.io).
References
- https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-46wq-28cx-mhw4 [WEB]
- https://github.com/nimiq/core-rs-albatross/pull/3789 [WEB]
- https://github.com/nimiq/core-rs-albatross/commit/41d35acee1b5cf3bc34ec3ddc1abbc03604e791e [WEB]
- https://github.com/nimiq/core-rs-albatross [PACKAGE]
- https://github.com/nimiq/core-rs-albatross/releases/tag/v1.6.0 [WEB]