Vulnerability Details : CVE-2023-42806
Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying $\mathsf{cid}$ (the head identifier) allows an attacker (who must be a participant of this head) to use a snapshot from an old head instance with the same participants to close the head or contest the state with it. This can lead to an incorrect distribution of value (= value extraction attack; hard, but possible) or prevent the head from finalizing because the value available is not consistent with the closed UTxO state (= denial of service; easy). A patch is planned for version 0.13.0. As a workaround, rotate keys between heads so that keys are not re-used and heads do not end up with the same multi-signature participants.
Vulnerability category: Denial of service
Products affected by CVE-2023-42806
- cpe:2.3:a:iohk:hydra:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-42806
- 0.18%: probability of exploitation activity in the next 30 days
- ~56%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-42806
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 1.2 | 5.2 | NIST | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 1.2 | 5.2 | GitHub, Inc. | |
CWE ids for CVE-2023-42806
- The product does not verify, or incorrectly verifies, the cryptographic signature for data. Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-42806
- https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-node/src/Hydra/HeadLogic.hs#L357
  hydra/hydra-node/src/Hydra/HeadLogic.hs at ec6c7a2ab651462228475d0b34264e9a182c22bb · input-output-hk/hydra · GitHub (Product)
- https://github.com/input-output-hk/hydra/security/advisories/GHSA-gr36-mc6v-72qq
  Snapshot signature not including HeadID will allow replay attacks · Advisory · input-output-hk/hydra · GitHub (Vendor Advisory)
- https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-node/src/Hydra/Snapshot.hs#L50-L54
  hydra/hydra-node/src/Hydra/Snapshot.hs at ec6c7a2ab651462228475d0b34264e9a182c22bb · input-output-hk/hydra · GitHub (Product)
- https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-plutus/src/Hydra/Contract/Head.hs#L583-L599
  hydra/hydra-plutus/src/Hydra/Contract/Head.hs at ec6c7a2ab651462228475d0b34264e9a182c22bb · input-output-hk/hydra · GitHub (Product)