NRDAX
Submit

← registry

NRDAX-T0120 - Integer-Overflow Panic Control Message

gossip_abuse · active · first seen 2018-01-01

provenance: Reproduced in NullRabbit's attack-reproduction pipeline

mechanism

CVE-2026-34219 (+CVE-2026-33040): gossipsub ControlPrune backoff≈u64::MAX → Instant/Duration overflow panic

instances (1)

chainprimitivefidelityoriginreproducer (bundle)source
libp2p gossipsub_prune_backoff_overflow lab reverse-engineered-cve gossipsub_prune_backoff_overflow https://github.com/libp2p/rust-libp2p/security/advisories/GHSA-xqmp-fxgv-xvq5 ↗

references

cve: CVE-2018-12018
cve: CVE-2025-46597
cve: CVE-2026-31814
cve: CVE-2026-32179
cve: CVE-2026-33040
cve: CVE-2026-34219
vendor-advisory: GHPR-Conflux-Chain-conflux-rust-3504
vendor-advisory: GHPR-Conflux-Chain-conflux-rust-3532
vendor-advisory: GHPR-aws-s2n-quic-2995
vendor-advisory: GHPR-aws-s2n-quic-2996
vendor-advisory: GHPR-aws-s2n-quic-3067
vendor-advisory: GHPR-grandinetech-grandine-356
vendor-advisory: GHPR-libp2p-rust-libp2p-6467
vendor-advisory: GHPR-near-nearcore-15921

related (gossip_abuse)

cite

https://nrdax.com/techniques/NRDAX-T0120

plain

NRDAX Registry. Technique NRDAX-T0120.

bibtex
@misc{nrdax_NRDAX_T0120,
  title = {Integer-Overflow Panic Control Message (NRDAX-T0120)},
  howpublished = {NRDAX Registry},
  url = {https://nrdax.com/techniques/NRDAX-T0120},
}
json (csl)
{
  "id": "nrdax-NRDAX-T0120",
  "type": "dataset",
  "title": "Integer-Overflow Panic Control Message (NRDAX-T0120)",
  "URL": "https://nrdax.com/techniques/NRDAX-T0120",
  "publisher": "NRDAX Registry"
}