Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2023-33964
Modified
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-31 May, 2023 | 18:15
Updated At-21 Nov, 2024 | 08:06

mx-chain-go is an implementation of the MultiversX blockchain protocol written in the Go language. Metachain cannot process a cross-shard miniblock. Prior to version 1.4.16, an invalid transaction with the wrong username on metachain is not treated correctly on the metachain transaction processor. This is strictly a processing issue that could have happened on MultiversX chain. If an error like this had occurred, the metachain would have stopped notarizing blocks from the shard chains. The resuming of notarization is possible only after applying a patched binary version. A patch in version 1.4.16 introduces `processIfTxErrorCrossShard` for the metachain transaction processor. There are no known workarounds for this issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.6HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CPE Matches
multiversx
multiversx
>>mx-chain-go>>Versions before 1.4.16(exclusive)
cpe:2.3:a:multiversx:mx-chain-go:*:*:*:*:*:go:*:*
Weaknesses
CWE IDTypeSource
CWE-20Secondarysecurity-advisories@github.com
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: security-advisories@github.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/multiversx/mx-chain-go/commit/97295471465f4b5f79e51b32f8b7111f8d921606security-advisories@github.com
Patch
https://github.com/multiversx/mx-chain-go/security/advisories/GHSA-7xpv-4pm9-xch2security-advisories@github.com
Vendor Advisory
https://github.com/multiversx/mx-chain-go/commit/97295471465f4b5f79e51b32f8b7111f8d921606af854a3a-2127-422b-91ae-364da2661108
Patch
https://github.com/multiversx/mx-chain-go/security/advisories/GHSA-7xpv-4pm9-xch2af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://github.com/multiversx/mx-chain-go/commit/97295471465f4b5f79e51b32f8b7111f8d921606
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/multiversx/mx-chain-go/security/advisories/GHSA-7xpv-4pm9-xch2
Source: security-advisories@github.com
Resource:
Vendor Advisory
Hyperlink: https://github.com/multiversx/mx-chain-go/commit/97295471465f4b5f79e51b32f8b7111f8d921606
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://github.com/multiversx/mx-chain-go/security/advisories/GHSA-7xpv-4pm9-xch2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Change History
0Changes found
Details not found