GHSA-82vg-5v4f-f9wq: 
Rust vulnerability analysis and mitigation

A critical vulnerability (GHSA-82vg-5v4f-f9wq) was discovered in the Namada-apps package version 1.0.0, affecting the mempool validation functionality. The vulnerability was published on February 17, 2025, and updated on February 20, 2025. The issue affects the cargo namada-apps package in Rust environments (GitHub Advisory).

The vulnerability is characterized by an integer overflow condition in the signature verification process during mempool validation. The issue occurs when a transaction contains an authorization section with 256 or more public keys accompanied by valid matching signatures. This condition triggers an integer overflow that results in a node panic. The vulnerability has been assigned a Critical severity rating with a CVSS score of 9.2, with attack vector being Network, attack complexity Low, and no privileges or user interaction required (GitHub Advisory).

When successfully exploited, this vulnerability causes a complete crash of the affected node through the mempool validation process. The CVSS metrics indicate High impact on system availability, while maintaining no direct impact on confidentiality or integrity of the system (GitHub Advisory).

The vulnerability has been patched in Namada-apps version 1.1.0, where the mempool validation has been fixed to prevent the overflow condition. There are no available workarounds, and users are strongly advised to upgrade to the patched version (GitHub Advisory).