What is GHSA-27w2-87xv-37c6?

GHSA-27w2-87xv-37c6 is a security advisory published by GitHub Security Advisories with High severity. nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT

Which CVE IDs does GHSA-27w2-87xv-37c6 cover?

GHSA-27w2-87xv-37c6 covers the following CVE IDs: CVE-2026-40092. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-27w2-87xv-37c6?

GHSA-27w2-87xv-37c6 has a CVSS v3 base score of 7.5, published by GitHub Security Advisories.

Which products are affected by GHSA-27w2-87xv-37c6?

GHSA-27w2-87xv-37c6 affects 1 product, including: rust/nimiq-keys:\u003c= 0.2.0.

GHSA-27w2-87xv-37c6HighCVSS 7.5

nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT

Vendor

GitHub Security Advisories

Published

May 15, 2026

Last Modified

May 15, 2026

🔗 CVE IDs covered (1)

CVE-2026-40092 →

📋 Description

Impact

A malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record containing a TaggedSigned<ValidatorRecord, KeyPair> with a signature field whose byte length is not exactly 64. When the victim node's DHT verifier calls TaggedSigned::verify, execution reaches Ed25519Signature::from_bytes(sig).unwrap() in the TaggedPublicKey implementation for Ed25519PublicKey. The from_bytes call fails because ed25519_zebra::Signature::try_from rejects slices not 64 bytes, and the unwrap() panics. The BLS TaggedPublicKey implementation correctly returns false on error; only the Ed25519 implementation panics.

Patches

The patch for this vulnerability is formally released as part of v1.4.0.

Workarounds

No known workarounds.

Resources

See PR.

🎯 Affected products1

rust/nimiq-keys:<= 0.2.0