Lucene search

HalbornCVE-2023-30769

HistoryApr 17, 2023 - 8:15 p.m.

CVE-2023-30769

2023-04-1720:15:07

CWE-400

Halborn

web.nvd.nist.gov

cve-2023-30769

nvd

vulnerability

p2p

communications

consensus messages

attack

network

nodes

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.002

Percentile

58.6%

JSON

Vulnerability discovered is related to the peer-to-peer (p2p) communications, attackers can craft consensus messages, send it to individual nodes and take them offline. An attacker can crawl the network peers using getaddr message and attack the unpatched nodes.

Affected configurations

Nvd

Node

dogecoindogecoinRange<1.14.6

VendorProductVersionCPE
dogecoindogecoin*cpe:2.3:a:dogecoin:dogecoin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dogecoin	dogecoin	*	cpe:2.3:a:dogecoin:dogecoin::::::::

CNA Affected

[
  {
    "vendor": "Dogecoin",
    "product": "Node",
    "versions": [
      {
        "version": "Release",
        "status": "affected",
        "lessThan": "1.14.6",
        "versionType": "custom"
      }
    ]
  }
]

References

www.halborn.com/blog/post/halborn-discovers-zero-day-impacting-dogecoin-and-280-networks

www.halborn.com/disclosures

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.002

Percentile

58.6%

JSON

Related for CVE-2023-30769