NRDAX
Submit

← registry

NRDAX-T0122 - Integer Signedness Index OOB Crash

compute_amp · active · first seen 2026-07-07

provenance: Reproduced in NullRabbit's attack-reproduction pipeline

mechanism

CVE-2021-3121 (gogoproto 'skippy peanut butter'): unknown length-delimited field with a negative-length varint → pre-1.3.2 skip code does iNdEx+=length with no length<0 check → index out of bounds → p

instances (2)

chainprimitivefidelityoriginreproducer (bundle)source
cosmos cosmos_gogoproto_skippy lab reverse-engineered-cve cosmos_gogoproto_skippy https://osv.dev/vulnerability/CVE-2021-3121 ↗
ethereum geth_les_skip_negative lab reverse-engineered-cve geth_les_skip_negative https://peckshield.medium.com/epod-ethereum-packet-of-death-cve-2018-12018-fc9ee944843e ↗

references

vendor-advisory: GHPR-scroll-tech-go-ethereum-1195

related (compute_amp)

cite

https://nrdax.com/techniques/NRDAX-T0122

plain

NRDAX Registry. Technique NRDAX-T0122.

bibtex
@misc{nrdax_NRDAX_T0122,
  title = {Integer Signedness Index OOB Crash (NRDAX-T0122)},
  howpublished = {NRDAX Registry},
  url = {https://nrdax.com/techniques/NRDAX-T0122},
}
json (csl)
{
  "id": "nrdax-NRDAX-T0122",
  "type": "dataset",
  "title": "Integer Signedness Index OOB Crash (NRDAX-T0122)",
  "URL": "https://nrdax.com/techniques/NRDAX-T0122",
  "publisher": "NRDAX Registry"
}