CVE-2022-35913

Published: Sep 6, 2022Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a P2P coinjoin. The attacker and victim must follow each other's paynym. Then, the victim must try to collaborate with the attacker for a Stonewallx2 transaction. Next, the attacker broadcasts a tx, spending the inputs used in Stonewallx2 before the victim can broadcast the collaborative transaction. The attacker does not signal opt in RBF, and uses the lowest fee rate. This would result in the victim being unable to perform Stonewallx2. (Note that the attacker could use multiple paynyms.)

Affected (1)

Products: Kayako: Samourai

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Kayako Samourai	Version 0.99.98e

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-July/020737.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/020595.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-July/020737.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/020595.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.