x/vulndb: potential Go vuln in github.com/btcsuite/btcd: CVE-2024-36051

[GoVulnBot]

Advisory CVE-2024-36051 references a vulnerability in the following Go modules:

Module
github.com/btcsuite/btcd

Description: In btcd before 0.24.2, removeOpcodeByData mishandles the consensus rules for legacy signature verification. There can be a standard transaction that would be considered valid by Bitcoin Core but invalid by btcd.

References:

• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-36051
• WEB: https://delvingbitcoin.org/t/cve-2024-38365-public-disclosure-btcd-findanddelete-bug/1184
• WEB: https://github.com/btcsuite/btcd/releases/tag/v0.24.2

Cross references:

• github.com/btcsuite/btcd appears in 2 other report(s):
  • data/reports/GO-2022-1098.yaml (https://github.com/golang/vulndb/issues/1098)
  • data/reports/GO-2024-2818.yaml (https://github.com/golang/vulndb/issues/2818)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/btcsuite/btcd
      vulnerable_at: 0.24.2
summary: CVE-2024-36051 in github.com/btcsuite/btcd
cves:
    - CVE-2024-36051
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-36051
    - web: https://delvingbitcoin.org/t/cve-2024-38365-public-disclosure-btcd-findanddelete-bug/1184
    - web: https://github.com/btcsuite/btcd/releases/tag/v0.24.2
source:
    id: CVE-2024-36051
    created: 2024-10-10T14:01:25.841142603Z
review_status: UNREVIEWED

[maceonthompson]

Duplicate of #3189