CVE-2024-58131

FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time value) joins a blockchain network.

CVSS v3 4.0 MEDIUM

4.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656	Exploit Issue Tracking
https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656	Exploit Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:fisco-bcos:fisco-bcos:3.11.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-04-06 03:15

Updated : 2025-04-08 16:45

NVD link : CVE-2024-58131

Mitre link : CVE-2024-58131

CVE.ORG link : CVE-2024-58131

JSON object : View

Products Affected

fisco-bcos

fisco-bcos

CWE

CWE-821

Incorrect Synchronization

CWE-662

Improper Synchronization

{"id": "CVE-2024-58131", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2025-04-06T03:15:13.967", "references": [{"url": "https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656", "tags": ["Exploit", "Issue Tracking"], "source": "[email protected]"}, {"url": "https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656", "tags": ["Exploit", "Issue Tracking"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-821"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-662"}]}], "descriptions": [{"lang": "en", "value": "FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time value) joins a blockchain network."}, {"lang": "es", "value": "FISCO BCOS 3.11.0 tiene un problema con la sincronizaci\u00f3n del grupo de transacciones que se puede observar, por ejemplo, cuando un nodo malicioso (que ha modificado la base de c\u00f3digo para permitir un valor min_seal_time grande) se une a una red blockchain."}], "lastModified": "2025-04-08T16:45:17.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fisco-bcos:fisco-bcos:3.11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3B2555C-B485-46AF-B5F2-926798817527"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}