CVE-2023-33964 – github.com/multiversx/mx-chain-go

Package

Manager: go
Name: github.com/multiversx/mx-chain-go
Vulnerable Version: >=0 <1.4.16

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N

EPSS: 0.00162 pctl0.37611

Details

mx-chain-go does not treat invalid transaction with wrong username correctly ### Impact Metachain cannot process a cross-shard miniblock. An invalid transaction with the wrong username on metachain is not treated correctly on the metachain transaction processor. This is strictly a processing issue that could have happened on MultiversX chain. If an error like this had occurred, the metachain would have stopped notarizing blocks from the shard chains. The resuming of notarization is possible only after applying a patched binary version. ### Patches Introduce processIfTxErrorCrossShard for metachain transaction processor. ### Workarounds No ### References No

Metadata

Created: 2023-06-02T19:41:31Z
Modified: 2023-06-02T19:41:31Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-7xpv-4pm9-xch2/GHSA-7xpv-4pm9-xch2.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-7xpv-4pm9-xch2
Finding: F184
Auto approve: 1