7.1
CVE-2023-34458
- EPSS 1.07%
- Veröffentlicht 13.07.2023 19:15:09
- Zuletzt bearbeitet 21.11.2024 08:07:17
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Loginmx-chain-go's relayed transactions always increment nonce
mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on a targeted account. The fix is a breaking change so a new flag `RelayedNonceFixEnableEpoch` was needed. This was a strict processing issue while validating blocks on a chain. This vulnerability has been patched in version 1.4.17.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Multiversx ≫ Mx-chain-go SwPlatformgo Version < 1.4.17
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.07% | 0.604 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
| security-advisories@github.com | 7.1 | 1.6 | 5.5 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
https://github.com/multiversx/mx-chain-go/blob/babdb144f1316ab6176bf3dbd7d4621120414d43/integrationTests/vm/txsFee/relayedMoveBalance_test.go#LL165C14-L165C14
https://github.com/multiversx/mx-chain-go/commit/babdb144f1316ab6176bf3dbd7d4621120414d43
https://github.com/multiversx/mx-chain-go/releases/tag/v1.4.17
https://github.com/multiversx/mx-chain-go/security/advisories/GHSA-j494-7x2v-vvvp