{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T10:17:36.184","vulnerabilities":[{"cve":{"id":"CVE-2025-59942","sourceIdentifier":"security-advisories@github.com","published":"2025-09-29T23:15:32.303","lastModified":"2025-10-18T01:15:14.350","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a \"poison\" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A \"poison\" message can can cause integer overflow in the signer index validation, which can cause the whole node to crash. These malicious messages aren't self-propagating since the bug is in the validator. An attacker needs to directly send the message to all targets. This issue is fixed in version 0.8.7."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:filecoin:go-f3:*:*:*:*:*:*:*:*","versionEndExcluding":"0.8.7","matchCriteriaId":"76067EBF-A178-4C8C-860A-A5FAEBB9801B"}]}]}],"references":[{"url":"https://github.com/filecoin-project/go-f3/security/advisories/GHSA-g99p-47x7-mq88","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}