Lucene search

HalbornCVELIST:CVE-2023-30769

HistoryApr 17, 2023 - 12:00 a.m.

CVE-2023-30769 Rab13s Exploit

2023-04-1700:00:00

CWE-400

Halborn

www.cve.org

vulnerability

p2p

communication

attackers

consensus

messages

nodes

network

unpatched

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

58.6%

JSON

Vulnerability discovered is related to the peer-to-peer (p2p) communications, attackers can craft consensus messages, send it to individual nodes and take them offline. An attacker can crawl the network peers using getaddr message and attack the unpatched nodes.

CNA Affected

[
  {
    "vendor": "Dogecoin",
    "product": "Node",
    "versions": [
      {
        "version": "Release",
        "status": "affected",
        "lessThan": "1.14.6",
        "versionType": "custom"
      }
    ]
  }
]

References

www.halborn.com/blog/post/halborn-discovers-zero-day-impacting-dogecoin-and-280-networks

www.halborn.com/disclosures

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

58.6%

JSON

Related for CVELIST:CVE-2023-30769