18 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-27117
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator. CVE-2023-27117 Note that Nessus relies on the...
CVE-2023-27117
WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator...
PYSEC-2023-317
WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator...
CVE-2023-27117
WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator...
PYSEC-2023-317
WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator...
DEBIAN-CVE-2023-27117
WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator...
Design/Logic Flaw
WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator...
UBUNTU-CVE-2023-27117
WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator...
CVE-2023-27117
WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator...
CVE-2023-27117
WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator...
CVE-2023-27117
WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator...
CVE-2023-27117
CVE-2023-27117 affects WebAssembly v1.0.29, with a heap overflow in wabt::Node::operator. The vulnerability is tied to WebAssembly’s wabt component; isolation and exploitation details in the provided documents are limited, but there is an explicit remediation note to update to a newer version tha...
PT-2023-20963 · Unknown +1 · Webassembly +1
Name of the Vulnerable Software and Affected Versions: WebAssembly version 1.0.29 Description: A heap overflow issue was discovered in WebAssembly via the wabt::Node::operator component. Recommendations: For version 1.0.29, update to a newer version that contains a fix for this issue...
Mitigation Confirmed for Mitigation of H-06 Issue mitigated
C4 issue H-06: MinipoolManager: node operator can avoid being slashed Comments In the original implementation, there were a few scenarios where malicious node operators can avoid being slashed. Mitigation PR 41 This PR includes mitigation for various issues H-03, H-06, M-13. Just focusing on the...
Upgraded Q -> 2 from #214 [1675930440482]
Judge has assessed an item in Issue 214 as 2 risk. The relevant finding follows: Scenario 2 - Use node of node operator In this scenario the NodeOp registers for a duration longer than 14 days. The hacker will hijack the minipool after 14 days and earn rewards on behalf of the node operator's node...
Upgraded Q -> 3 from #867 [1675460716325]
Judge has assessed an item in Issue 867 as 3 risk. The relevant finding follows: L-02, MinipoolManager, lines 670 - 684: The slash function slashes a node operator for the amount of whole duration. Since the cycles are in 14 days and the slashing is checked in the recordStakingEnd, if an operator...
Malicious user can use previously used nodeID to prevent user(s) from withdrawing minipool funds
Lines of code Vulnerability details In createMinipool, an event is emitted with details of a newly created minipool. This includes relevant information that a subsequent user can utilise to create another minipool. The only condition that prevents a minipool from being created again with the same...
Possible to block withdrawal of staked funds after recordStakingEnd or stakingError
Lines of code Vulnerability details Impact Node operators can lose their staked AVAX after stakingEnd or stakingError. Funds will be locked in the Staking contract, but impossible to withdraw. A bad actor does need to supply 1000 AVAX, which he gets back, and does not have a real incentive to do it, b...