Veracode Vulnerability DatabaseVERACODE:46855Improper Check For Unusual Or Exceptional Conditions
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.6%
github.com/spacemeshos/go-spacemesh is vulnerable to Improper Check for Unusual or Exceptional Conditions. The vulnerability is due to the incorrect referencing of previous activation transactions (ATXs). An attacker can manipulate the reward system by referencing an earlier ATX, thereby bypassing the protocol’s requirement to maintain PoST data for a full epoch.
References
github.com/advisories/GHSA-jcqq-g64v-gcm7
github.com/spacemeshos/api/commit/1d5bd972bbe225d024c3e0ae5214ddb6b481716e
github.com/spacemeshos/go-spacemesh/commit/9aff88d54be809ac43d60e8a8b4d65359c356b87
github.com/spacemeshos/go-spacemesh/security/advisories/GHSA-jcqq-g64v-gcm7
spacemesh.io/blog/spacemesh-white-paper-1/
Related
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.6%