{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/nimiq-primitives--1.5.0/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["nimiq-primitives (\u003c 1.5.0)"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","rust"],"_cs_type":"advisory","_cs_vendors":["Nimiq"],"content_html":"\u003cp\u003eA remote, unauthenticated denial-of-service vulnerability has been identified in the \u003ccode\u003enimiq-primitives\u003c/code\u003e library, specifically affecting the \u003ccode\u003eMerkleRadixTrie::put_chunk\u003c/code\u003e function. This vulnerability allows any state-sync peer to crash a node performing state synchronization, including freshly joining nodes and those recovering from data loss. The vulnerability occurs because a malicious peer can respond to a \u003ccode\u003eRequestChunk\u003c/code\u003e with a \u003ccode\u003eResponseChunk::Chunk\u003c/code\u003e whose first \u003ccode\u003eTrieItem.key\u003c/code\u003e is the empty (ROOT) key. When \u003ccode\u003eput_raw\u003c/code\u003e tries to store a value at the root node, it calls \u003ccode\u003eTrieNode::put_value(...).unwrap()\u003c/code\u003e, which returns \u003ccode\u003eErr(RootCantHaveValue)\u003c/code\u003e and panics, aborting the node process. This vulnerability impacts any node running state sync against untrusted peers. The affected package is \u003ccode\u003erust/nimiq-primitives\u003c/code\u003e versions prior to 1.5.0. 
This issue is tracked as CVE-2026-46545.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA node initiates state synchronization with peers.\u003c/li\u003e\n\u003cli\u003eA malicious peer receives a \u003ccode\u003eRequestChunk\u003c/code\u003e message from the victim node.\u003c/li\u003e\n\u003cli\u003eThe malicious peer crafts a \u003ccode\u003eResponseChunk::Chunk\u003c/code\u003e message.\u003c/li\u003e\n\u003cli\u003eIn the crafted \u003ccode\u003eResponseChunk::Chunk\u003c/code\u003e message, the first \u003ccode\u003eTrieItem.key\u003c/code\u003e is the empty (ROOT) key.\u003c/li\u003e\n\u003cli\u003eThe victim node receives the malicious chunk and processes it using \u003ccode\u003eMerkleRadixTrie::put_chunk\u003c/code\u003e (around line 819 in \u003ccode\u003eprimitives/trie/src/trie.rs\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eDuring processing, the \u003ccode\u003eput_raw\u003c/code\u003e function (around line 351 in \u003ccode\u003eprimitives/trie/src/trie.rs\u003c/code\u003e) attempts to store a value at the root node.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eTrieNode::put_value(...)\u003c/code\u003e returns \u003ccode\u003eErr(RootCantHaveValue)\u003c/code\u003e, and \u003ccode\u003eput_raw\u003c/code\u003e calls \u003ccode\u003e.unwrap()\u003c/code\u003e on that result.\u003c/li\u003e\n\u003cli\u003eThe node process panics and aborts, resulting in a denial-of-service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability can lead to a denial-of-service condition for nodes running state synchronization against untrusted peers. This includes freshly joining nodes performing initial download and existing nodes recovering from data loss. Successful exploitation crashes the victim node, disrupting its ability to participate in the network. 
The vulnerability can be triggered without authentication and is not subject to rate limiting, making it highly impactful.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to \u003ccode\u003enimiq-primitives\u003c/code\u003e version 1.5.0 or later to patch CVE-2026-46545.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unexpected state synchronization behavior with untrusted peers.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting and authentication mechanisms for state synchronization requests where feasible.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-21T19:51:50Z","date_published":"2026-05-21T19:51:50Z","id":"https://feed.craftedsignal.io/briefs/2026-05-nimiq-trie-dos/","summary":"A remote denial-of-service vulnerability (CVE-2026-46545) exists in Nimiq primitives where an unauthenticated peer can send a malicious chunk with an empty key, leading to a panic when `put_raw` attempts to store a value at the root node, causing the node process to abort.","title":"Nimiq Primitives Trie Chunk Processing Denial-of-Service (CVE-2026-46545)","url":"https://feed.craftedsignal.io/briefs/2026-05-nimiq-trie-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Nimiq-Primitives (\u003c 1.5.0)","version":"https://jsonfeed.org/version/1.1"}