Impact
A flaw in the Nimiq core-rs-albatross peer discovery process allows an attacker to set a peer-controlled limit to zero during the handshake phase. The value is stored unchanged and later used in a path that calculates a list size as the limit minus one. With a zero limit, this subtraction wraps to the maximum usize value, producing a very large number that causes the random selection routine to request a vector capacity that overflows, leading to a deterministic panic. The panic aborts the node, effectively denying service to all participants in the network. The weakness is classified as CWE-191 (integer underflow), here leading to a subsequent capacity overflow.
Affected Systems
The affected vendor is Nimiq and the affected product is core-rs-albatross. All releases prior to version 1.3.0 are vulnerable. Version 1.3.0 and later contain the patch that validates the handshake limit and prevents the underflow. Users running the unpatched library should upgrade to 1.3.0 or later to avoid the issue.
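As an added example, not code from core-rs-albatross (the type, function and constant names are assumed), this models the `limit - 1` underflow described under Impact beside the two defensive layers the fix in 1.3.0 points at: validating the peer-supplied limit at the handshake boundary, and using checked arithmetic so a zero can never turn into a huge capacity request.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

/// Returned when a peer-supplied limit is rejected during the handshake.
#[derive(Debug, PartialEq)]
pub enum HandshakeError {
    ZeroLimit,
    LimitTooLarge(usize),
}

/// Largest limit this node will honour from a peer (assumed value, not Nimiq's).
pub const MAX_PEER_LIMIT: usize = 1024;

/// Vulnerable shape: the stored limit is used unchecked in `limit - 1`.
/// For limit == 0 the wrapping subtraction yields usize::MAX, the value a
/// later `Vec::with_capacity` call would then overflow and panic on.
pub fn unchecked_list_size(limit: usize) -> usize {
    limit.wrapping_sub(1)
}

/// Hardened layer 1: reject bad limits at the trust boundary (the handshake),
/// so the value stored for later use can never be zero or absurdly large.
pub fn validate_limit(limit: usize) -> Result<usize, HandshakeError> {
    match limit {
        0 => Err(HandshakeError::ZeroLimit),
        l if l > MAX_PEER_LIMIT => Err(HandshakeError::LimitTooLarge(l)),
        l => Ok(l),
    }
}

/// Hardened layer 2: checked arithmetic turns a would-be wrap into `None`.
pub fn checked_list_size(limit: usize) -> Option<usize> {
    limit.checked_sub(1)
}

/// Seeded random selection of peers. The capacity is bounded by the number of
/// candidates, never by the raw peer-supplied limit.
pub fn select_peers(candidates: &[u64], limit: usize, seed: u64) -> Option<Vec<u64>> {
    let count = checked_list_size(limit)?.min(candidates.len());
    let mut order: Vec<usize> = (0..candidates.len()).collect();
    // Seeded shuffle-by-hash: enough to illustrate bounded random selection.
    order.sort_by_key(|i| {
        let mut h = DefaultHasher::new();
        (seed, *i).hash(&mut h);
        h.finish()
    });
    Some(order.into_iter().take(count).map(|i| candidates[i]).collect())
}

fn main() {
    println!("limit 0 unchecked -> {}", unchecked_list_size(0));
    println!("limit 0 validated -> {:?}", validate_limit(0));
}
```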
Risk and Exploitability
The CVSS score of 7.5 indicates high severity with potential for widespread denial of service. EPSS estimates the probability of exploitation at below 1%, and limited active attacks have been reported at this time. The vulnerability is not listed in the CISA KEV catalog, so no known widespread exploitation is documented. The attack vector is remote: a malicious peer supplies the offending limit during the handshake. Attackers only need to establish a network connection to a running node and send a specially crafted handshake. The panic is deterministic: once the sequence is triggered the node crashes without further input, so the practical mitigation is simply to run patched software.