CVE-2024-32985

Summary

Stellar-core is a reference implementation for the peer-to-peer agent that manages the Stellar network. Prior to 20.4.0, core nodes could be randomly crashed due to a race condition with a 3rd party library. The likelihood of affecting the network is low since crashed nodes come back up online right away. Code fix mitigation is part of Stellar-core v20.4.0 release

Affected Software

VendorProductVersion RangeStatus
stellarstellar-core< 20.4.0affected

Weaknesses

  • CWE-362: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References