Unauthenticated Nonce Increment in snow

2024-01-2420:53:48

CWE-440

GitHub Advisory Database

github.com

logic bug

unauthenticated payloads

nonce increment

snow

denial-of-service

injection

noise

communication

stateful transportstate

statelesstransportstate

patch

version 0.9.5

update

security vulnerability

6.9 Medium

AI Score

Confidence

High

JSON

Impact

There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow’s internal state. For an attacker with the ability to inject packets into the channel Noise is talking over, this allows a denial-of-service type attack which could prevent communication as it causes the sending and receiving side to be expecting different nonce values than would arrive.

Note that this only affects those who are using the stateful TransportState, not those using StatelessTransportState.

Patches

This has been patched in version 0.9.5, and all users are recommended to update.

References

There will be a more formal report of this in the near future.

Affected configurations

Vulners

Node

snowsoftwaresnow_commanderRange<0.9.5

CPENameOperatorVersion
snowlt0.9.5

CPE	Name	Operator	Version
	snow	lt	0.9.5

References

github.com/advisories/GHSA-7g9j-g5jg-3vv3

github.com/mcginty/snow/commit/12e8ae55547ae297d5f70599e5c884ea891303eb

github.com/mcginty/snow/security/advisories/GHSA-7g9j-g5jg-3vv3

rustsec.org/advisories/RUSTSEC-2024-0011.html

6.9 Medium

AI Score

Confidence

High

JSON