CVE-2024-32985

Stellar-core is a reference implementation for the peer-to-peer agent that manages the Stellar network. Prior to 20.4.0, core nodes could be randomly crashed due to a race condition with a 3rd party library. The likelihood of affecting the network is low since crashed nodes come back up online right away. Code fix mitigation is part of Stellar-core v20.4.0 release

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/stellar/stellar-core/security/advisories/GHSA-mgx8-frjx-x33m
https://github.com/stellar/stellar-core/security/advisories/GHSA-mgx8-frjx-x33m

Configurations

No configuration.

History

21 Nov 2024, 09:16

Type	Values Removed	Values Added
References	~~() https://github.com/stellar/stellar-core/security/advisories/GHSA-mgx8-frjx-x33m -~~	() https://github.com/stellar/stellar-core/security/advisories/GHSA-mgx8-frjx-x33m -
Summary		(es) Stellar-core es una implementación de referencia para el agente peer-to-peer que gestiona la red Stellar. Antes de 20.4.0, los nodos principales podían bloquearse aleatoriamente debido a una condición de ejecución con una librería de terceros. La probabilidad de afectar la red es baja ya que los nodos bloqueados vuelven a estar en línea de inmediato. La mitigación de corrección de código es parte de la versión Stellar-core v20.4.0

14 May 2024, 15:37

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 15:37

Updated : 2024-11-21 09:16

NVD link : CVE-2024-32985

Mitre link : CVE-2024-32985

CVE.ORG link : CVE-2024-32985

JSON object : View

Products Affected

No product.

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

5.9 /10