Lucene search
+L

76 matches found

Github Security Blog
Github Security Blog
added 2024/02/02 10:23 p.m.13 views

Nervos CKB node panics when processing a block which parent timestamp is too new

Impact Adversary can initiate DOS attack by broadcasting two consecutive blocks with timestamps in the future. Patches Please upgrade to v0.34.1...

7AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/02 10:23 p.m.17 views

Nervos CKB BlockTimeTooNew should not be considered as invalid block

Impact Currently, when a node receives a block in future according to its local wall clock, it will mark the block as invalid and ban the peer. If the header's timestamp is more than 15 seconds ahead of our current time. In that case, the header may become valid in the future, and we don't want t...

6.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2024/02/02 10:23 p.m.13 views

GHSA-R9RV-9MH8-PXF4 Nervos CKB BlockTimeTooNew should not be considered as invalid block

Impact Currently, when a node receives a block in future according to its local wall clock, it will mark the block as invalid and ban the peer. If the header's timestamp is more than 15 seconds ahead of our current time. In that case, the header may become valid in the future, and we don't want t...

6.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/02/02 10:22 p.m.17 views

Nervos CKB DoS: Process exists when p2p discovery protocol receives unsupported peer IP

The p2p discovery protocol assumes that the peer IP must be valid IPv4 address...

7.1AI score
Exploits0References3Affected Software1
OSV
OSV
added 2024/02/02 10:22 p.m.7 views

GHSA-PR39-8257-FXC2 Nervos CKB DoS: Process exists when p2p discovery protocol receives unsupported peer IP

The p2p discovery protocol assumes that the peer IP must be valid IPv4 address...

7.1AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/02/02 10:21 p.m.14 views

Nervos CKB P2P DoS Attacks

The P2P protocols lack of rate limit. For example, in relay protocol, when a node receives a broadcasted txhashes, it will mark it in memory to avoid duplicated requests. code → . It is easy to establish a DoS attach by generating random tx hashes. Impact It affects all nodes connected to the P2P...

7AI score
Exploits0References3Affected Software1
OSV
OSV
added 2024/02/02 10:21 p.m.7 views

GHSA-84X2-2QV6-QG56 Nervos CKB P2P DoS Attacks

The P2P protocols lack of rate limit. For example, in relay protocol, when a node receives a broadcasted txhashes, it will mark it in memory to avoid duplicated requests. code → . It is easy to establish a DoS attach by generating random tx hashes. Impact It affects all nodes connected to the P2P...

7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/02/02 8:59 p.m.18 views

Nervos CKB Unaligned Pointer Dereference

via [email protected] There are multiple type conversions in ckb that unsafely cast between byte pointers and other types of pointers. This results in unaligned pointers, which are not allowed by the Rust language, and are considered undefined behavior, meaning that the compiler is free to do...

7.5AI score
Exploits0References3Affected Software1
OSV
OSV
added 2024/02/02 8:59 p.m.16 views

GHSA-Q669-2VFG-CXCG Nervos CKB Unaligned Pointer Dereference

via [email protected] There are multiple type conversions in ckb that unsafely cast between byte pointers and other types of pointers. This results in unaligned pointers, which are not allowed by the Rust language, and are considered undefined behavior, meaning that the compiler is free to do...

7.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/02 12:0 a.m.4 views

PT-2024-40421 · Ckb · Ckb

Name of the Vulnerable Software and Affected Versions: ckb affected versions not specified Description: The issue arises from multiple type conversions in ckb that unsafely cast between byte pointers and other types of pointers, resulting in unaligned pointers. This is considered undefined behavi...

7.3AI score
Exploits0References3
Openbugbounty
Openbugbounty
added 2023/05/27 2:29 p.m.6 views

ckbhospital.com Cross Site Scripting vulnerability OBB-3365222

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/02/08 6:17 p.m.15 views

Nervos CKB vulnerable to low-resource flood DDoS attacks through network message

Workarounds forbid request genesis through network request forbid requesting duplicate data through network request...

3AI score
Exploits0References2Affected Software1
OSV
OSV
added 2023/02/08 6:17 p.m.11 views

GHSA-P2GM-FFR3-W2XW Nervos CKB vulnerable to low-resource flood DDoS attacks through network message

Workarounds forbid request genesis through network request forbid requesting duplicate data through network request...

7.2AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/02/08 6:15 p.m.18 views

Nervos CKB calculation of program load cycles may be missed when executing in resume mode

Impact The calculation of program load cycles may be missed when executing in resume mode. Since the script execution order is now determined, this issue does not cause network splitting...

2.1AI score
Exploits0References2Affected Software1
OSV
OSV
added 2023/02/08 6:15 p.m.10 views

GHSA-FJJ4-2Q73-JVGC Nervos CKB calculation of program load cycles may be missed when executing in resume mode

Impact The calculation of program load cycles may be missed when executing in resume mode. Since the script execution order is now determined, this issue does not cause network splitting...

7.2AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/11/02 6:15 p.m.19 views

ckb type_id script resume may randomly fail

Impact https://github.com/nervosnetwork/ckb/blob/v0.101.2/script/src/verify.rsL871-L879 TypeIdSystemScript resume handle is not correct when maxcycles is not enough, ScriptError::ExceededMaximumCycles will be raised directly ranther than suspend as expect, and also because scriptgroup execution...

0.2AI score
Exploits0References3Affected Software1
OSV
OSV
added 2022/11/02 6:15 p.m.17 views

GHSA-MCMR-49X3-4JQM ckb type_id script resume may randomly fail

Impact https://github.com/nervosnetwork/ckb/blob/v0.101.2/script/src/verify.rsL871-L879 TypeIdSystemScript resume handle is not correct when maxcycles is not enough, ScriptError::ExceededMaximumCycles will be raised directly ranther than suspend as expect, and also because scriptgroup execution...

7.2AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/11/02 6:14 p.m.11 views

ckb: Transaction header_deps validation issue (network forking)

Impact fn HeaderCheckercheckvalid skipped main chain checking after this PR: https://github.com/nervosnetwork/ckb/pull/1646/filesdiff-c4e017b67c1b3005ca0c446a9b0879571aa36a858b1f7ddd1b9328a884e3214bR171-R176 It will cause network forking if one transaction is using a forked block header which is...

1.5AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/22 8:23 p.m.17 views

Dep Group Remote Memory Exhaustion (Denial of Service) in ckb

Impact A remote attacker could exploit this vulnerability to exhaust ckb process memory of an affected node. Patches Upgrade to 0.43.1 or later. References After resolving the outpoints of one dep group, we put the corresponding content into a vec...

1AI score
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/04/21 12:0 a.m.6 views

Bulletproofs 加密问题漏洞

Bulletproofs is a short non-interactive zero-knowledge proof by Benedikt Bünz Personal Developer, USA. Bulletproofs 2017/1066 suffers from a security vulnerability that stems from an insecure implementation of the Fiat-Shamir transformation. An attacker can exploit this vulnerability to forge...

8.1CVSS7.8AI score0.00719EPSS
Exploits1References3
Rows per page
Query Builder