CVE-2024-58131

FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time value) joins a blockchain network.

CVSS v3 4.0 MEDIUM

4.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656	Exploit Issue Tracking
https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656	Exploit Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:fisco-bcos:fisco-bcos:3.11.0:*:*:*:*:*:*:*

History

08 Apr 2025, 16:45

Type	Values Removed	Values Added
References	~~() https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656 -~~	() https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656 - Exploit, Issue Tracking
First Time		Fisco-bcos fisco-bcos Fisco-bcos
CPE		cpe:2.3:a:fisco-bcos:fisco-bcos:3.11.0:::::::*
CWE		CWE-662

07 Apr 2025, 14:17

Type	Values Removed	Values Added
References	~~() https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656 -~~	() https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656 -
Summary		(es) FISCO BCOS 3.11.0 tiene un problema con la sincronización del grupo de transacciones que se puede observar, por ejemplo, cuando un nodo malicioso (que ha modificado la base de código para permitir un valor min_seal_time grande) se une a una red blockchain.

06 Apr 2025, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-06 03:15

Updated : 2025-04-08 16:45

NVD link : CVE-2024-58131

Mitre link : CVE-2024-58131

CVE.ORG link : CVE-2024-58131

JSON object : View

Products Affected

fisco-bcos

fisco-bcos

CWE

CWE-821

Incorrect Synchronization

CWE-662

Improper Synchronization

{"id": "CVE-2024-58131", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2025-04-06T03:15:13.967", "references": [{"url": "https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656", "tags": ["Exploit", "Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656", "tags": ["Exploit", "Issue Tracking"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-821"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-662"}]}], "descriptions": [{"lang": "en", "value": "FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time value) joins a blockchain network."}, {"lang": "es", "value": "FISCO BCOS 3.11.0 tiene un problema con la sincronizaci\u00f3n del grupo de transacciones que se puede observar, por ejemplo, cuando un nodo malicioso (que ha modificado la base de c\u00f3digo para permitir un valor min_seal_time grande) se une a una red blockchain."}], "lastModified": "2025-04-08T16:45:17.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fisco-bcos:fisco-bcos:3.11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3B2555C-B485-46AF-B5F2-926798817527"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}