Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:46855
HistoryMay 13, 2024 - 10:15 a.m.

Improper Check For Unusual Or Exceptional Conditions

2024-05-1310:15:18
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
github
spacemeshos
vulnerability
improper check
exceptional conditions
software
activation transactions
manipulattion
reward system
post data
protocol
epoch

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

github.com/spacemeshos/go-spacemesh is vulnerable to Improper Check for Unusual or Exceptional Conditions. The vulnerability is due to the incorrect referencing of previous activation transactions (ATXs). An attacker can manipulate the reward system by referencing an earlier ATX, thereby bypassing the protocol’s requirement to maintain PoST data for a full epoch.

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

Related for VERACODE:46855