CVE-2023-42449

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Oct 4, 2023

Updated: Oct 10, 2023

CWE ID 20

Summary

CVE-2023-42449: A vulnerability was identified in the Hydra scalability solution for Cardano before version 0.13.0. Malicious head initializers could extract one or more Partial Tokens (PTs) due to incorrect data validation logic in the head token minting policy. This flaw allowed the attacker to lock other participants' committed funds or force them to pay a ransom to progress the head into the Open state by spoofing committed transactions with the extracted PTs. The issue has been addressed in version 0.13.0.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Input Output (IOHK)

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/soU_VH
https://www.cve.org/CVERecord?id=CVE-2023-42449
https://nvd.nist.gov/vuln/detail/CVE-2023-42449

Back to Vulnerability Database

CVE-2023-42449

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations