Описание
Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:hyperledger:iroha:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:hyperledger:iroha:1.0.0:beta1:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.0011
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-347
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures.
EPSS
Процентиль: 30%
0.0011
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-347