CVE-2025-59941 (CNNVD-202509-4320)
Chinese title:
Go implementation of Fast Finality in Filecoin security vulnerability
English title:
go-f3 is Vulnerable to Cached Justification Verification Bypass
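Vulnerability description
Chinese description:
Go implementation of Fast Finality in Filecoin is an open-source Golang library from Filecoin that implements a fast finality mechanism. Go implementation of Fast Finality in Filecoin versions 0.8.8 and earlier contain a security vulnerability that stems from the verification result caching mechanism not properly considering message context, which may allow an attacker to bypass verification.
English description: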
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by submitting a valid message with a correct justification and then reusing the same cached justification in contexts where it would normally be invalid. This occurs because the cached verification does not properly validate the relationship between the justification and the specific message context it's being used with. This issue is fixed in version 0.8.9.
CWE type:
Tags:
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| filecoin-project | go-f3 | < 0.8.9 | - | - | cpe:2.3:a:filecoin-project:go-f3:<_0.8.9:*:*:*:*:*:*:* |
| filecoin | go-f3 | * | - | - | cpe:2.3:a:filecoin:go-f3:*:*:*:*:*:*:*:* |
Solution
Chinese solution:
English solution:
Temporary workaround:
Reference links
cve.org
CVSS score details
3.1 (cna)
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
Time information
Exploit information
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2025-59941 | 2025-11-11 15:23:31 | 2025-11-11 07:40:47 |
| NVD | nvd_CVE-2025-59941 | 2025-11-11 15:01:04 | 2025-11-11 07:48:34 |
| CNNVD | cnnvd_CNNVD-202509-4320 | 2025-11-11 15:12:59 | 2025-11-11 08:00:14 |
Versions and languages
Security advisories
Change history
- vulnerability_type: not extracted -> other
- cnnvd_id: not extracted -> CNNVD-202509-4320
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']