GHSA-wq32-8rp4-w2mc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wq32-8rp4-w2mc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-wq32-8rp4-w2mc/GHSA-wq32-8rp4-w2mc.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wq32-8rp4-w2mc
- Aliases
- Published
- 2025-03-27T18:31:23Z
- Modified
- 2025-04-01T22:11:59.068577Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Nethermind Juno Potential Denial of Service (DoS) via Integer Overflow
- Details
-
An integer overflow in Nethermind Juno before v0.12.5 within the Sierra bytecode decompression logic within the "cairo-lang-starknet-classes" library could allow remote attackers to trigger an infinite loop (and high CPU usage) by submitting a malicious Declare v2/v3 transaction. This results in a denial-of-service condition for affected Starknet full-node implementations.
- Database specific
{ "nvd_published_at": "2025-03-27T16:15:30Z", "cwe_ids": [ "CWE-190", "CWE-770" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2025-03-28T22:04:59Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-29072
- https://github.com/NethermindEth/juno/commit/51074875941aa111c5dd2b41f2ec890a4a15b587
- https://github.com/NethermindEth/juno/commit/b9fe28df6a4339a66f91bff723c61dc063f9ed50
- https://community.starknet.io/t/starknet-security-update-potential-full-node-vulnerability-recap/115314
- https://github.com/NethermindEth/juno
Affected packages
Go / github.com/NethermindEth/juno
Package
- Name
- github.com/NethermindEth/juno
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/NethermindEth/juno