Impact
What kind of vulnerability is it? Who is impacted?
All users of a hydra-node
Patches
Has the problem been patched? What versions should users upgrade to?
Yes, in b13d95a and #976
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Not really
References
Are there any links users can visit to find out more?
Description:
The check for the multisignature validity is not complete in case the list of keys is the proper prefix of the multisignature list (two lists are not of the same length). In this case hydra-node would skip validating certain verification key/s.
abailly-iohk Reporter
v0d1ch Reporter
Impact
What kind of vulnerability is it? Who is impacted?
All users of a hydra-node
Patches
Has the problem been patched? What versions should users upgrade to?
Yes, in b13d95a and #976
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Not really
References
Are there any links users can visit to find out more?
Description:
The check for the multisignature validity is not complete in case the list of keys is the proper prefix of the multisignature list (two lists are not of the same length). In this case hydra-node would skip validating certain verification key/s.