CVE-2023-36184

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-36184
CMysten Labs Sui blockchain v1.2.0 was discovered to contain a stack overflow via the component /spec/openrpc.json.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/MystenLabs/sui/commit/8b681515c0cf435df2a54198a28ab4ef574d202b Patch
https://github.com/aptos-labs/aptos-core/commit/47a0391c612407fe0b1051ef658a29e35d986963 Patch
https://github.com/move-language/move/issues/1059 Issue Tracking Patch
https://medium.com/%40Beosin_com/critical-vulnerability-in-move-vm-can-cause-total-network-shutdown-and-potential-hard-fork-in-sui-49d0d942801c
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:aptosfoundation:aptos:*:*:*:*:*:*:*:*
cpe:2.3:a:move_project:move:-:*:*:*:*:*:*:*
cpe:2.3:a:mystenlabs:sui:*:*:*:*:*:*:*:*
History

07 Nov 2023, 04:16

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@Beosin_com/critical-vulnerability-in-move-vm-can-cause-total-network-shutdown-and-potential-hard-fork-in-sui-49d0d942801c', 'name': 'https://medium.com/@Beosin_com/critical-vulnerability-in-move-vm-can-cause-total-network-shutdown-and-potential-hard-fork-in-sui-49d0d942801c', 'tags': ['Exploit', 'Patch', 'Technical Description', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://medium.com/%40Beosin_com/critical-vulnerability-in-move-vm-can-cause-total-network-shutdown-and-potential-hard-fork-in-sui-49d0d942801c -

13 Sep 2023, 16:22

Type Values Removed Values Added
References (MISC) https://medium.com/@Beosin_com/critical-vulnerability-in-move-vm-can-cause-total-network-shutdown-and-potential-hard-fork-in-sui-49d0d942801c - (MISC) https://medium.com/@Beosin_com/critical-vulnerability-in-move-vm-can-cause-total-network-shutdown-and-potential-hard-fork-in-sui-49d0d942801c - Exploit, Patch, Technical Description, Third Party Advisory
References (MISC) https://github.com/MystenLabs/sui/commit/8b681515c0cf435df2a54198a28ab4ef574d202b - (MISC) https://github.com/MystenLabs/sui/commit/8b681515c0cf435df2a54198a28ab4ef574d202b - Patch
References (MISC) https://github.com/aptos-labs/aptos-core/commit/47a0391c612407fe0b1051ef658a29e35d986963 - (MISC) https://github.com/aptos-labs/aptos-core/commit/47a0391c612407fe0b1051ef658a29e35d986963 - Patch
References (MISC) https://github.com/move-language/move/issues/1059 - (MISC) https://github.com/move-language/move/issues/1059 - Issue Tracking, Patch
CWE CWE-787
CPE cpe:2.3:a:aptosfoundation:aptos:*:*:*:*:*:*:*:*
cpe:2.3:a:mystenlabs:sui:*:*:*:*:*:*:*:*
cpe:2.3:a:move_project:move:-:*:*:*:*:*:*:*
First Time Mystenlabs
Aptosfoundation
Move Project move
Mystenlabs sui
Move Project
Aptosfoundation aptos
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5

08 Sep 2023, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-09-08 02:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-36184

Mitre link : CVE-2023-36184

CVE.ORG link : CVE-2023-36184

JSON object : View

Products Affected

mystenlabs

  • sui

aptosfoundation

  • aptos

move_project

  • move
CWE
CWE-787

Out-of-bounds Write


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024