CVE-2023-42374

Опубликовано: 13 фев. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component.

Ссылки

https://beosin.com/resources/%22memory-bomb%22-vulnerability-causes-sui-node-to-crash?lang=en-US
Third Party Advisory
https://github.com/MystenLabs/sui/commit/42d4ad103a21d23fecd7c0271453da41604e71e9
Patch
https://medium.com/%40Beosin_com/memory-bomb-vulnerability-causes-sui-node-to-crash-7e8e3ef5057c
Broken Link
https://beosin.com/resources/%22memory-bomb%22-vulnerability-causes-sui-node-to-crash?lang=en-US
Third Party Advisory
https://github.com/MystenLabs/sui/commit/42d4ad103a21d23fecd7c0271453da41604e71e9
Patch
https://medium.com/%40Beosin_com/memory-bomb-vulnerability-causes-sui-node-to-crash-7e8e3ef5057c
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mystenlabs:sui:*:*:*:*:*:*:*:*

Версия до 1.6.3 (исключая)

EPSS

Процентиль: 86%

0.02775

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-94

Связанные уязвимости

GHSA-f9x8-85w7-chxv