mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
106 lines
3.3 KiB
JSON
106 lines
3.3 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"AKA": "Rab13s",
|
|
"ASSIGNER": "disclosures@halborn.com",
|
|
"DATE_PUBLIC": "2023-03-13T16:00:00.000Z",
|
|
"ID": "CVE-2023-30769",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Rab13s Exploit"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Node",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "Release",
|
|
"version_value": "1.14.6"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Dogecoin"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"credit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Hossam Mohamed (safe_buffer)"
|
|
}
|
|
],
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Vulnerability discovered is related to the peer-to-peer (p2p) communications, attackers can craft consensus messages, send it to individual nodes and take them offline. An attacker can crawl the network peers using getaddr message and attack the unpatched nodes."
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.1,
|
|
"baseSeverity": "CRITICAL",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-400 Uncontrolled Resource Consumption"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "https://www.halborn.com/blog/post/halborn-discovers-zero-day-impacting-dogecoin-and-280-networks",
|
|
"refsource": "MISC",
|
|
"url": "https://www.halborn.com/blog/post/halborn-discovers-zero-day-impacting-dogecoin-and-280-networks"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://www.halborn.com/disclosures",
|
|
"name": "https://www.halborn.com/disclosures"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Upgrade to Node release version 1.14.6."
|
|
}
|
|
],
|
|
"source": {
|
|
"discovery": "INTERNAL"
|
|
}
|
|
} |