CVE-2024-23688

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-23688
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23688.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-23688
Aliases
Published
2024-01-19T22:15:08Z
Modified
2024-05-14T13:09:18.646607Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

Consensys Discovery versions earlier than 0.4.5 use the same AES/GCM nonce for the entire session; the nonce should ideally be unique for every message. The node's private key isn't compromised; only the session key generated for specific peer communication is exposed.

References

Affected packages

Git / github.com/consensys/discovery

Affected ranges

Type
GIT
Repo
https://github.com/consensys/discovery
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4

v5.*

v5.0