We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-53359

ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions



Description

ethereum is a common ethereum structs for Rust. Prior to ethereum crate v0.18.0, signature malleability (according to EIP-2) was only checked for "legacy" transactions, but not for EIP-2930, EIP-1559 and EIP-7702 transactions. This is a specification deviation. The signature malleability itself is not a security issue and not as high of a risk if the ethereum crate is used on a single-implementation blockchain. This issue has been patched in version v0.18.0. A workaround for this issue involves manually checking transaction malleability outside of the crate, however upgrading is recommended.

Reserved 2025-06-27 | Published 2025-07-02 | Updated 2025-07-03 | Assigner GitHub_M


MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-754: Improper Check for Unusual or Exceptional Conditions

Product status

< 0.18.0
affected

References

github.com/...hereum/security/advisories/GHSA-3w94-vq2x-v5wr

github.com/rust-ethereum/ethereum/pull/67

github.com/...ommit/2dd9d1d5d0936ec7350093ff3a5a7169a349db77

cve.org (CVE-2025-53359)

nvd.nist.gov (CVE-2025-53359)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-53359

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.