CVE-2023-34458
- Source
- https://cve.org/CVERecord?id=CVE-2023-34458
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34458.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-34458
- Aliases
- Published
- 2023-07-13T18:45:03.499Z
- Modified
- 2025-12-04T23:55:14.887801Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H CVSS Calculator
- Summary
- mx-chain-go's relayed transactions always increment nonce
- Details
-
mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on a targeted account. The fix is a breaking change so a new flag
RelayedNonceFixEnableEpochwas needed. This was a strict processing issue while validating blocks on a chain. This vulnerability has been patched in version 1.4.17. - Database specific
{ "cwe_ids": [ "CWE-400" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/34xxx/CVE-2023-34458.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/34xxx/CVE-2023-34458.json
- https://github.com/multiversx/mx-chain-go/blob/babdb144f1316ab6176bf3dbd7d4621120414d43/integrationTests/vm/txsFee/relayedMoveBalance_test.go#LL165C14-L165C14
- https://github.com/multiversx/mx-chain-go/commit/babdb144f1316ab6176bf3dbd7d4621120414d43
- https://github.com/multiversx/mx-chain-go/releases/tag/v1.4.17
- https://github.com/multiversx/mx-chain-go/security/advisories/GHSA-j494-7x2v-vvvp
- https://nvd.nist.gov/vuln/detail/CVE-2023-34458
Affected packages
Git / github.com/multiversx/mx-chain-go
Affected ranges
- Type
- GIT
- Repo
- https://github.com/multiversx/mx-chain-go
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
V1.*
V1.0.6
V1.0.7
dw0.*
dw0.0.1
e1.*
e1.1.0
e1.1.0.1
Other
test-01
v.*
v.0.5
v0.*
v0.0.4
v0.0.5
v1.*
v1.0.1
v1.0.11
v1.0.110
v1.0.117
v1.0.118
v1.0.12
v1.0.120
v1.0.123
v1.0.124
v1.0.125
v1.0.126
v1.0.127
v1.0.128
v1.0.129
v1.0.13
v1.0.130
v1.0.131
v1.0.132
v1.0.133
v1.0.135
v1.0.136
v1.0.137
v1.0.138
v1.0.139
v1.0.14
v1.0.140
v1.0.141
v1.0.142
v1.0.144
v1.0.146
v1.0.147
v1.0.148
v1.0.149
v1.0.15
v1.0.150
v1.0.16
v1.0.17
v1.0.19
v1.0.2
v1.0.20
v1.0.23
v1.0.24
v1.0.25
v1.0.29
v1.0.3
v1.0.30
v1.0.31
v1.0.33
v1.0.34
v1.0.35
v1.0.36
v1.0.39
v1.0.4
v1.0.40
v1.0.41
v1.0.42
v1.0.44
v1.0.48
v1.0.5
v1.0.55
v1.0.56
v1.0.57
v1.0.58
v1.0.59
v1.0.6
v1.0.60
v1.0.61
v1.0.62
v1.0.63
v1.0.64
v1.0.65
v1.0.66
v1.0.67
v1.0.68
v1.0.7
v1.0.77
v1.0.78
v1.0.79
v1.0.8
v1.0.80
v1.0.81
v1.0.83
v1.0.84
v1.0.85
v1.0.86
v1.0.87
v1.0.88
v1.0.89
v1.0.94
v1.0.97
v1.1.0
v1.1.0-dev
v1.1.1
v1.1.10
v1.1.11
v1.1.12
v1.1.13
v1.1.14
v1.1.15
v1.1.16
v1.1.17
v1.1.18
v1.1.19
v1.1.2
v1.1.20
v1.1.21
v1.1.22
v1.1.23
v1.1.24
v1.1.25
v1.1.26
v1.1.26-rc1
v1.1.27
v1.1.28
v1.1.29
v1.1.3
v1.1.30
v1.1.31
v1.1.32
v1.1.33
v1.1.34
v1.1.35
v1.1.36
v1.1.37
v1.1.38
v1.1.39
v1.1.4
v1.1.40
v1.1.41
v1.1.42
v1.1.43
v1.1.44
v1.1.45
v1.1.46
v1.1.47
v1.1.48
v1.1.49
v1.1.5
v1.1.50
v1.1.51
v1.1.52
v1.1.53
v1.1.54
v1.1.55
v1.1.56
v1.1.57
v1.1.58
v1.1.59
v1.1.6
v1.1.60
v1.1.61
v1.1.62
v1.1.63
v1.1.64
v1.1.7
v1.1.8
v1.1.9
v1.2.0
v1.2.1
v1.2.10
v1.2.10+indexer
v1.2.11
v1.2.11+indexer
v1.2.12
v1.2.12+indexer
v1.2.12+indexer_v1.1.10
v1.2.12+indexer_v1.1.11
v1.2.13
v1.2.13+indexer1.1.13
v1.2.14
v1.2.14+indexer1.1.13
v1.2.15
v1.2.15+indexer1.1.13
v1.2.16
v1.2.16+indexer1.1.14
v1.2.16+indexer1.1.15
v1.2.17
v1.2.17+indexer1.1.15
v1.2.18
v1.2.19
v1.2.2
v1.2.20
v1.2.22
v1.2.23
v1.2.23-indexer1.1.21
v1.2.24
v1.2.25
v1.2.26
v1.2.27
v1.2.28
v1.2.29
v1.2.3
v1.2.30
v1.2.31
v1.2.32
v1.2.33
v1.2.34
v1.2.35
v1.2.35-indexer1.1.26
v1.2.36
v1.2.36-rc1
v1.2.37
v1.2.38
v1.2.4
v1.2.5
v1.2.6+indexerBeta
v1.2.7
v1.2.7+indexerBeta
v1.2.8+indexer
v1.2.9
v1.2.9+indexer
v1.3.0
v1.3.1
v1.3.10
v1.3.10-indexer1.2.15
v1.3.11
v1.3.12
v1.3.12-indexer1.2.15
v1.3.13
v1.3.13-indexer1.2.15
v1.3.14
v1.3.14-indexer1.2.15
v1.3.15
v1.3.15-indexer1.2.17
v1.3.15-indexer1.2.18
v1.3.16
v1.3.16-indexer1.2.19
v1.3.17
v1.3.17-indexer1.2.20
v1.3.17-indexerv1.2.20
v1.3.17-rc1
v1.3.18
v1.3.18-indexer1.2.20
v1.3.19
v1.3.19-indexer1.2.22
v1.3.19-rc1
v1.3.19-rc2
v1.3.2
v1.3.20
v1.3.20-indexer1.2.22
v1.3.21
v1.3.21-indexer1.2.23
v1.3.22
v1.3.22-indexer1.2.25
v1.3.23
v1.3.23-rc1
v1.3.24
v1.3.25
v1.3.26
v1.3.27
v1.3.27-rc1
v1.3.28
v1.3.29
v1.3.3
v1.3.30
v1.3.31
v1.3.32
v1.3.33
v1.3.34
v1.3.35
v1.3.36
v1.3.37
v1.3.38
v1.3.39
v1.3.4
v1.3.40
v1.3.41
v1.3.42
v1.3.42-rosetta1
v1.3.43
v1.3.43-rosetta1
v1.3.44
v1.3.44-rosetta1
v1.3.45
v1.3.46
v1.3.47
v1.3.48
v1.3.49
v1.3.5
v1.3.50
v1.3.6
v1.3.7
v1.3.8
v1.3.8-indexer1.2.14
v1.3.9
v1.4.0
v1.4.1
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.15
v1.4.16
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.4.8-rc1
v1.4.9