CVE-2023-42374

moderate-risk
Published 2024-02-13

An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component.

Do I need to act?

~
2.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: f4a70c831b84ffd12a1b9c19c3c4bb7d15ad993a, 42d4ad103a21d23fecd7c0271453da41604e71e9
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Sui

Affected Vendors

Mystenlabs

References (6)

Third Party Advisory https://beosin.com/resources/%22memory-bomb%22-vulnerability-causes-sui-node-to-...
Patch https://github.com/MystenLabs/sui/commit/42d4ad103a21d23fecd7c0271453da41604e71e...
Broken Link https://medium.com/%40Beosin_com/memory-bomb-vulnerability-causes-sui-node-to-cr...
Third Party Advisory https://beosin.com/resources/%22memory-bomb%22-vulnerability-causes-sui-node-to-...
Patch https://github.com/MystenLabs/sui/commit/42d4ad103a21d23fecd7c0271453da41604e71e...
Broken Link https://medium.com/%40Beosin_com/memory-bomb-vulnerability-causes-sui-node-to-cr...
43
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 6/34 · Minimal
Exposure 5/34 · Minimal