nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p pee…

A vulnerability in nimiq-primitives prior to version 1.3.0 allows untrusted P2P peers to cause node panics by announcing election macro blocks with invalid compressed BLS voting keys. The issue occurs when hashing election macro headers that contain invalid validator voting keys, causing the validator.voting_key.uncompress().unwrap() function to panic on invalid bytes. This vulnerability affects Nimiq's Rust implementation and has been patched in version 1.3.0 with no known workarounds available.