{"id":"CVE-2024-34478","details":"btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds.","aliases":["GHSA-3jgf-r68h-xfqm","GO-2024-2818"],"modified":"2026-04-10T05:13:30.897929Z","published":"2024-05-05T01:15:06.320Z","references":[{"type":"WEB","url":"https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/blockchain/chain.go#L383C1-L392C3"},{"type":"WEB","url":"https://github.com/btcsuite/btcd/blob/e4c88c3a3ecb1813529bf3dddc7a865bd418a6b8/txscript/opcode.go#L1172C1-L1178C3"},{"type":"REPORT","url":"https://delvingbitcoin.org/t/disclosure-btcd-consensus-bugs-due-to-usage-of-signed-transaction-version/455"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/btcsuite/btcd","events":[{"introduced":"0"},{"fixed":"b1b94202082b8e22160df31349992f37fb360f75"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.24.0"}]}}],"versions":["BTCD_0_10_0_BETA","BTCD_0_11_0_BETA","BTCD_0_11_1_BETA","BTCD_0_12_0_BETA","BTCD_0_3_0_ALPHA","BTCD_0_3_1_ALPHA","BTCD_0_3_2_ALPHA","BTCD_0_3_3_ALPHA","BTCD_0_4_0_ALPHA","BTCD_0_5_0_ALPHA","BTCD_0_6_0_ALPHA","BTCD_0_7_0_ALPHA","BTCD_0_8_0_BETA","BTCD_0_9_0_BETA","btcec/v2.0.0","btcec/v2.1.0","btcec/v2.1.2","btcec/v2.1.3","btcec/v2.2.0","btcec/v2.2.1","btcec/v2.3.0","btcec/v2.3.1","btcec/v2.3.2","btcutil/psbt/v1.0.0","btcutil/psbt/v1.1.0","btcutil/psbt/v1.1.1","btcutil/psbt/v1.1.2","btcutil/psbt/v1.1.3","btcutil/psbt/v1.1.4","btcutil/psbt/v1.1.5","btcutil/psbt/v1.1.6","btcutil/psbt/v1.1.7","btcutil/psbt/v1.1.8","btcutil/psbt/v1.1.9","btcutil/v1.0.0","btcutil/v1.1.0","btcutil/v1.1.1","btcutil/v1.1.2","btcutil/v1.1.3","btcutil/v1.1.4","btcutil/v1.1.5","chaincfg/chainhash/v1.0.1","chaincfg/chainhash/v1.0.2","chaincfg/chainhash/v1.1.0","v0.20.0-beta","v0.20.1-beta","v0.21.0-beta","v0.22.0-beta","v0.23.0","v0.23.1","v0.23.2","v0.23.3","v0.23.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34478.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}