CVE-2018-3756

Published: Jun 1, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures.

Affected (2)

Products: Hyperledger: Iroha

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Hyperledger Iroha	Version 1.0.0 beta1
Hyperledger Iroha	Version 1.0 beta

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://github.com/hyperledger/iroha/releases/tag/v1.0.0_beta-2

Source: support@hackerone.com

Third Party Advisory

https://github.com/hyperledger/iroha/releases/tag/v1.0.0_beta-2

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.