Vulnerability Details : CVE-2023-36184
Mysten Labs Sui blockchain v1.2.0 was discovered to contain a stack overflow via the component /spec/openrpc.json. The affected-product list and the references below indicate that the underlying defect sits in the shared Move VM (used by both Sui and Aptos) rather than only in the Sui RPC spec component, and the CVSS vector (C:N/I:N/A:H) records an availability-only impact, i.e. a denial of service.
Vulnerability category: Memory Corruption
Products affected by CVE-2023-36184
- cpe:2.3:a:aptosfoundation:aptos:*:*:*:*:*:*:*:*
- cpe:2.3:a:move_project:move:-:*:*:*:*:*:*:*
- cpe:2.3:a:mystenlabs:sui:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-36184
- EPSS score: 0.09% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~39% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2023-36184
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | 
CWE ids for CVE-2023-36184
- The product writes data past the end, or before the beginning, of the intended buffer. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2023-36184
- https://github.com/aptos-labs/aptos-core/commit/47a0391c612407fe0b1051ef658a29e35d986963 : "cherry-pick: improved value depth checks in the VM (#8488)", aptos-labs/aptos-core@47a0391 on GitHub (Patch)
- https://medium.com/@Beosin_com/critical-vulnerability-in-move-vm-can-cause-total-network-shutdown-and-potential-hard-fork-in-sui-49d0d942801c : "Critical Vulnerability in Move VM: Can Cause Total Network Shutdown and Potential Hard Fork in Sui, Aptos, and Other Public Blockchains", Beosin on Medium (Exploit; Patch; Technical Description; Third Party Advisory)
- https://github.com/move-language/move/issues/1059 : "[Bug] A patch for a DoS vulnerability needs to be applied", Issue #1059, move-language/move on GitHub (Issue Tracking; Patch)
- https://github.com/MystenLabs/sui/commit/8b681515c0cf435df2a54198a28ab4ef574d202b : "Move values cleanup", MystenLabs/sui@8b68151 on GitHub (Patch)
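The patch titles in the references ("improved value depth checks in the VM", "Move values cleanup") point at the fix class for this kind of stack overflow: bounding how deeply nested an attacker-supplied value may be before any recursive routine walks it, so the recursion depth of the node's own stack can never be driven by input size. The Rust block below is an added illustration written for this page; it is not Move VM, Sui or Aptos code, and its toy wire format, the MAX_VALUE_DEPTH limit of 128, and all function names are hypothetical. It shows a decoder that checks depth before recursing and a depth measurement that is deliberately iterative.

```rust
// Added illustrative example, not code from the Move VM, Sui or Aptos.
// The encoding, the limit and the names here are hypothetical.

/// Maximum container nesting the decoder accepts. Hypothetical value; the
/// real VM limit is not stated on this page.
pub const MAX_VALUE_DEPTH: usize = 128;

/// A recursively defined value, the shape that makes naive recursive
/// decoders, comparers and droppers vulnerable to stack exhaustion.
#[derive(Debug, Clone, PartialEq)]
pub enum Value {
    U64(u64),
    Vector(Vec<Value>),
}

#[derive(Debug, PartialEq)]
pub enum DecodeError {
    DepthExceeded(usize),
    Truncated,
    BadTag(u8),
}

/// Toy wire format (constructed for this example):
///   0x00 <8 bytes little-endian u64>      -> Value::U64
///   0x01 <u8 len> <len encoded values>    -> Value::Vector
pub fn decode(bytes: &[u8]) -> Result<Value, DecodeError> {
    let mut pos = 0;
    decode_at(bytes, &mut pos, 0)
}

fn decode_at(bytes: &[u8], pos: &mut usize, depth: usize) -> Result<Value, DecodeError> {
    // The check runs before any further recursion, so the decoder's own
    // call depth is bounded by MAX_VALUE_DEPTH regardless of input length.
    if depth > MAX_VALUE_DEPTH {
        return Err(DecodeError::DepthExceeded(depth));
    }
    let tag = *bytes.get(*pos).ok_or(DecodeError::Truncated)?;
    *pos += 1;
    match tag {
        0x00 => {
            let end = *pos + 8;
            let slice = bytes.get(*pos..end).ok_or(DecodeError::Truncated)?;
            let mut raw = [0u8; 8];
            raw.copy_from_slice(slice);
            *pos = end;
            Ok(Value::U64(u64::from_le_bytes(raw)))
        }
        0x01 => {
            let len = *bytes.get(*pos).ok_or(DecodeError::Truncated)? as usize;
            *pos += 1;
            let mut items = Vec::with_capacity(len);
            for _ in 0..len {
                items.push(decode_at(bytes, pos, depth + 1)?);
            }
            Ok(Value::Vector(items))
        }
        other => Err(DecodeError::BadTag(other)),
    }
}

/// Constructed input: `levels` single-element vectors wrapped around one u64.
/// This is the attacker-shaped input a depth bound must reject past the limit.
pub fn nested_input(levels: usize) -> Vec<u8> {
    let mut out = Vec::new();
    for _ in 0..levels {
        out.extend_from_slice(&[0x01, 0x01]);
    }
    out.push(0x00);
    out.extend_from_slice(&7u64.to_le_bytes());
    out
}

/// Nesting depth of a decoded value (0 for a scalar). Written with an explicit
/// stack so that measuring depth never itself recurses on input-shaped data.
pub fn depth(v: &Value) -> usize {
    let mut max = 0;
    let mut stack = vec![(v, 0usize)];
    while let Some((cur, d)) = stack.pop() {
        max = max.max(d);
        if let Value::Vector(items) = cur {
            for item in items {
                stack.push((item, d + 1));
            }
        }
    }
    max
}

fn main() {
    println!("{:?}", decode(&nested_input(3)));
    println!("{:?}", decode(&nested_input(MAX_VALUE_DEPTH + 1)));
}
```

The two design points a reviewer would look for are that the bound is enforced on the way down (before the recursive call), not after a value has already been built, and that every other routine touching the type (here `depth`, in a real VM also equality, serialization and drop) is either iterative or protected by the same bound; otherwise a value that passes the decoder can still blow the stack later.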