Vulnerability Details : CVE-2023-42374
An issue in mystenlabs Sui Blockchain before v.1.6.3 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component.
Vulnerability category: Execute code, Denial of service
Products affected by CVE-2023-42374
- cpe:2.3:a:mystenlabs:sui:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-42374
2.16%: Probability of exploitation activity in the next 30 days
~83%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-42374
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-08-01 |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | 2024-10-21 |
CWE ids for CVE-2023-42374
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
  Assigned by:
  - 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2023-42374
- https://github.com/MystenLabs/sui/commit/42d4ad103a21d23fecd7c0271453da41604e71e9
  Reduce anemo message limit to 1G (#13231) · MystenLabs/sui@42d4ad1 · GitHub (Patch)
- https://beosin.com/resources/%22memory-bomb%22-vulnerability-causes-sui-node-to-crash?lang=en-US
  "Memory Bomb" Vulnerability Causes Sui Node to Crash (Third Party Advisory)
- https://medium.com/%40Beosin_com/memory-bomb-vulnerability-causes-sui-node-to-crash-7e8e3ef5057c
  410 account suspended — Medium (Broken Link)