16 matches found
EUVD-2025-29465
Malicious code in bioql PyPI...
CVE-2024-58265
The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...
Duplicate Advisory: Unauthenticated Nonce Increment in snow
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-7g9j-g5jg-3vv3. This link is maintained to preserve external references. Original Description: The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby...
GHSA-97F8-H76H-F297 Duplicate Advisory: Unauthenticated Nonce Increment in snow
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-7g9j-g5jg-3vv3. This link is maintained to preserve external references. Original Description: The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby...
CVE-2024-58265
The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...
DEBIAN-CVE-2024-58265
The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...
UBUNTU-CVE-2024-58265
The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...
CVE-2024-58265
The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...
CVE-2024-58265
The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...
Unauthenticated Nonce Increment in snow
Impact: There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with the ability to inject packets into the channel Noise is talking over, this allows a denial-of-service type attack which could prevent communication as it...
GHSA-7G9J-G5JG-3VV3 Unauthenticated Nonce Increment in snow
Impact: There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with the ability to inject packets into the channel Noise is talking over, this allows a denial-of-service type attack which could prevent communication as it...
RUSTSEC-2024-0011 Unauthenticated Nonce Increment in snow
There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with privileges to inject packets into the channel over which the Noise session operates, this could allow a denial-of-service attack which could prevent message...
Unauthenticated Nonce Increment in snow
There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with privileges to inject packets into the channel over which the Noise session operates, this could allow a denial-of-service attack which could prevent message...
PT-2025-31024 · Snow · Snow
Name of the Vulnerable Software and Affected Versions: snow crate versions prior to 0.9.5. Description: The snow crate, when using stateful TransportState, allows incrementing a nonce, potentially leading to denial of message delivery. Recommendations: Update to snow crate version 0.9.5 or later...
voteForManyWithSig functions in CultureIndex are open to replay attacks if fails.
Vulnerability details. Impact: If vote fails or reverts for any reason, the nonce in verifyVoteSignature doesn't increment. This leads to the same vote tx being replayed by anyone. Proof of Concept: A user submits a vote via voteForManyWithSig, triggering verifyVoteSignature for...
GHSA-J494-7X2V-VVVP mx-chain-go's relayed transactions always increment nonce
Impact: When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on a targeted account. The fix is a breaking change so a new flag RelayedNonceFixEnableEpoch was...