CVE-2023-34458

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-34458
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34458.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-34458
Aliases
Published
2023-07-13T18:45:03.499Z
Modified
2026-04-02T09:03:25.766373Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H CVSS Calculator
Summary
mx-chain-go's relayed transactions always increment nonce
Details

mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on a targeted account. The fix is a breaking change so a new flag RelayedNonceFixEnableEpoch was needed. This was a strict processing issue while validating blocks on a chain. This vulnerability has been patched in version 1.4.17.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/34xxx/CVE-2023-34458.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-400"
    ]
}
References

Affected packages

Git / github.com/multiversx/mx-chain-go

Affected ranges

Type
GIT
Repo
https://github.com/multiversx/mx-chain-go
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
babdb144f1316ab6176bf3dbd7d4621120414d43

Affected versions

V1.*
V1.0.6
V1.0.7
dev-indexer1.*
dev-indexer1.2.0-20220112
dw0.*
dw0.0.1
e1.*
e1.1.0
e1.1.0.1
Other
sf2019-2
test-01
v.*
v.0.5
v0.*
v0.0.4
v0.0.5
v1.*
v1.0.1
v1.0.100
v1.0.101
v1.0.102
v1.0.103
v1.0.104
v1.0.105
v1.0.106
v1.0.107
v1.0.108
v1.0.109
v1.0.11
v1.0.110
v1.0.111
v1.0.112
v1.0.113
v1.0.114
v1.0.115
v1.0.116
v1.0.117
v1.0.118
v1.0.12
v1.0.120
v1.0.121
v1.0.122
v1.0.123
v1.0.124
v1.0.125
v1.0.126
v1.0.127
v1.0.128
v1.0.129
v1.0.13
v1.0.130
v1.0.131
v1.0.132
v1.0.133
v1.0.134
v1.0.135
v1.0.136
v1.0.137
v1.0.138
v1.0.139
v1.0.14
v1.0.140
v1.0.141
v1.0.142
v1.0.143
v1.0.144
v1.0.145
v1.0.146
v1.0.147
v1.0.148
v1.0.149
v1.0.15
v1.0.150
v1.0.16
v1.0.17
v1.0.19
v1.0.2
v1.0.20
v1.0.23
v1.0.24
v1.0.25
v1.0.28
v1.0.29
v1.0.3
v1.0.30
v1.0.31
v1.0.33
v1.0.34
v1.0.35
v1.0.36
v1.0.37
v1.0.38
v1.0.39
v1.0.4
v1.0.40
v1.0.41
v1.0.42
v1.0.44
v1.0.45
v1.0.47
v1.0.48
v1.0.49
v1.0.5
v1.0.50
v1.0.51
v1.0.52
v1.0.53
v1.0.54
v1.0.55
v1.0.56
v1.0.57
v1.0.58
v1.0.59
v1.0.6
v1.0.60
v1.0.61
v1.0.62
v1.0.63
v1.0.64
v1.0.65
v1.0.66
v1.0.67
v1.0.68
v1.0.69
v1.0.7
v1.0.70
v1.0.71
v1.0.72
v1.0.73
v1.0.74
v1.0.75
v1.0.76
v1.0.77
v1.0.78
v1.0.79
v1.0.8
v1.0.80
v1.0.81
v1.0.82
v1.0.83
v1.0.84
v1.0.85
v1.0.86
v1.0.87
v1.0.88
v1.0.89
v1.0.91
v1.0.92
v1.0.93
v1.0.94
v1.0.95
v1.0.96
v1.0.97
v1.0.98
v1.0.99
v1.1.0
v1.1.0-dev
v1.1.1
v1.1.10
v1.1.10-rc.1
v1.1.10-rc.2
v1.1.11
v1.1.12
v1.1.13
v1.1.14
v1.1.15
v1.1.16
v1.1.17
v1.1.18
v1.1.19
v1.1.2
v1.1.20
v1.1.21
v1.1.22
v1.1.23
v1.1.24
v1.1.25
v1.1.26
v1.1.26-rc1
v1.1.27
v1.1.28
v1.1.28-rc1
v1.1.29
v1.1.3
v1.1.30
v1.1.31
v1.1.32
v1.1.33
v1.1.34
v1.1.35
v1.1.36
v1.1.37
v1.1.38
v1.1.39
v1.1.4
v1.1.40
v1.1.41
v1.1.42
v1.1.43
v1.1.44
v1.1.45
v1.1.46
v1.1.47
v1.1.48
v1.1.49
v1.1.5
v1.1.50
v1.1.51
v1.1.52
v1.1.53
v1.1.54
v1.1.55
v1.1.56
v1.1.57
v1.1.58
v1.1.59
v1.1.6
v1.1.60
v1.1.61
v1.1.62
v1.1.63
v1.1.64
v1.1.65
v1.1.66
v1.1.67
v1.1.7
v1.1.8
v1.1.9
v1.2.0
v1.2.1
v1.2.10
v1.2.10+indexer
v1.2.11
v1.2.11+indexer
v1.2.12
v1.2.12+indexer
v1.2.12+indexer_v1.1.10
v1.2.12+indexer_v1.1.11
v1.2.13
v1.2.13+indexer1.1.13
v1.2.14
v1.2.14+indexer1.1.13
v1.2.15
v1.2.15+indexer1.1.13
v1.2.16
v1.2.16+indexer1.1.14
v1.2.16+indexer1.1.15
v1.2.17
v1.2.17+indexer1.1.15
v1.2.18
v1.2.18+indexer1.1.15
v1.2.19
v1.2.19+indexer1.1.15
v1.2.2
v1.2.20
v1.2.20+indexer1.1.15
v1.2.20+indexer1.1.16
v1.2.21
v1.2.22
v1.2.22+indexer1.1.16
v1.2.22+indexer1.1.18
v1.2.22-indexer1.1.20
v1.2.22-indexer1.1.21
v1.2.23
v1.2.23-indexer1.1.21
v1.2.24
v1.2.24-indexer1.1.23
v1.2.25
v1.2.26
v1.2.26-indexer1.1.24
v1.2.27
v1.2.28
v1.2.28-indexer1.1.24
v1.2.29
v1.2.29-indexer1.1.24
v1.2.3
v1.2.30
v1.2.30-indexer1.1.24
v1.2.31
v1.2.31-indexer1.1.24
v1.2.31-indexer1.1.25
v1.2.32
v1.2.33
v1.2.33-indexer1.1.25
v1.2.34
v1.2.35
v1.2.35-indexer1.1.26
v1.2.36
v1.2.36-indexer1.1.26
v1.2.36-rc1
v1.2.37
v1.2.38
v1.2.38-indexer1.1.26
v1.2.38-indexer1.1.26-rc1
v1.2.38-rc1
v1.2.38-rc2
v1.2.38-rc2-indexer1.1.26
v1.2.4
v1.2.40
v1.2.40-indexer1.1.26
v1.2.5
v1.2.5+indexer
v1.2.5+indexerBeta
v1.2.6+indexerBeta
v1.2.7
v1.2.7+indexerBeta
v1.2.8+indexer
v1.2.9
v1.2.9+indexer
v1.3.0
v1.3.1
v1.3.10
v1.3.10-indexer1.2.15
v1.3.11
v1.3.12
v1.3.12-indexer1.2.15
v1.3.13
v1.3.13-indexer1.2.15
v1.3.14
v1.3.14-indexer1.2.15
v1.3.15
v1.3.15-indexer1.2.17
v1.3.15-indexer1.2.18
v1.3.16
v1.3.16-indexer1.2.19
v1.3.17
v1.3.17-indexer1.1.41
v1.3.17-indexer1.2.20
v1.3.17-indexer1.2.21
v1.3.17-indexer1.2.22
v1.3.17-indexerv1.2.20
v1.3.17-rc1
v1.3.18
v1.3.18-indexer1.2.20
v1.3.19
v1.3.19-indexer1.2.22
v1.3.19-indexer1.2.25
v1.3.19-rc1
v1.3.19-rc2
v1.3.2
v1.3.20
v1.3.20-indexer1.2.22
v1.3.21
v1.3.21-indexer1.2.23
v1.3.22
v1.3.22-indexer1.2.25
v1.3.23
v1.3.23-rc1
v1.3.23-rc2
v1.3.24
v1.3.25
v1.3.26
v1.3.27
v1.3.27-rc1
v1.3.28
v1.3.28-rc1
v1.3.29
v1.3.3
v1.3.30
v1.3.31
v1.3.32
v1.3.33
v1.3.34
v1.3.35
v1.3.36
v1.3.36-static-trie-db
v1.3.37
v1.3.38
v1.3.39
v1.3.4
v1.3.40
v1.3.41
v1.3.42
v1.3.42-rosetta1
v1.3.43
v1.3.43-rosetta1
v1.3.44
v1.3.44-rosetta1
v1.3.45
v1.3.46
v1.3.47
v1.3.48
v1.3.48-devnet-hf01
v1.3.48-hf02
v1.3.48-hf03
v1.3.48-hf04
v1.3.49
v1.3.5
v1.3.50
v1.3.50-hf01
v1.3.51
v1.3.51-hf01
v1.3.52
v1.3.6
v1.3.7
v1.3.8
v1.3.8-indexer1.2.14
v1.3.9
v1.4.0
v1.4.1
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.15
v1.4.16
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.4.8-rc1
v1.4.9
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34458.json"