CVE-2024-58131

Summary

FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time value) joins a blockchain network.

Affected Software

VendorProductVersion RangeStatus
FISCO-BCOSFISCO-BCOS3.11.0affected

Weaknesses

  • CWE-821: CWE-821 Incorrect Synchronization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References