Lucene search

[email protected]CVE-2023-36184

HistorySep 08, 2023 - 2:15 a.m.

CVE-2023-36184

2023-09-0802:15:08

CWE-787

[email protected]

web.nvd.nist.gov

sui

blockchain

stack overflow

vulnerability

cmysten labs

nvd

cve-2023-36184

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

20.4%

JSON

CMysten Labs Sui blockchain v1.2.0 was discovered to contain a stack overflow via the component /spec/openrpc.json.

Affected configurations

NVD

Node

aptosfoundationaptosRange<1.4.3

move_projectmoveMatch-

mystenlabssuiRange<1.2.1

CPENameOperatorVersion
aptosfoundation:aptosaptosfoundation aptoslt1.4.3
move_project:movemove project moveeq-
mystenlabs:suimystenlabs suilt1.2.1

CPE	Name	Operator	Version
aptosfoundation:aptos	aptosfoundation aptos	lt	1.4.3
move_project:move	move project move	eq	-
mystenlabs:sui	mystenlabs sui	lt	1.2.1

References

github.com/aptos-labs/aptos-core/commit/47a0391c612407fe0b1051ef658a29e35d986963

github.com/move-language/move/issues/1059

github.com/MystenLabs/sui/commit/8b681515c0cf435df2a54198a28ab4ef574d202b

medium.com/%40Beosin_com/critical-vulnerability-in-move-vm-can-cause-total-network-shutdown-and-potential-hard-fork-in-sui-49d0d942801c

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

20.4%

JSON

Related for CVE-2023-36184

nvd1 prion1 osv1 cvelist1