CVE-2023-42806 - OpenCVE

Vendors	Products
Iohk	Hydra

Link	Resource
https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-node/src/Hydra/HeadLogic.hs#L357	Product
https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-node/src/Hydra/Snapshot.hs#L50-L54	Product
https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-plutus/src/Hydra/Contract/Head.hs#L583-L599	Product
https://github.com/input-output-hk/hydra/security/advisories/GHSA-gr36-mc6v-72qq	Vendor Advisory

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-42806", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-09-14T16:13:33.307Z", "datePublished": "2023-09-21T16:45:34.742Z", "dateUpdated": "2023-09-21T16:45:34.742Z"}, "containers": {"cna": {"title": "Snapshot signature not including HeadID will allow replay attacks", "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "lang": "en", "description": "CWE-347: Improper Verification of Cryptographic Signature", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/input-output-hk/hydra/security/advisories/GHSA-gr36-mc6v-72qq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/input-output-hk/hydra/security/advisories/GHSA-gr36-mc6v-72qq"}, {"name": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-node/src/Hydra/HeadLogic.hs#L357", "tags": ["x_refsource_MISC"], "url": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-node/src/Hydra/HeadLogic.hs#L357"}, {"name": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-node/src/Hydra/Snapshot.hs#L50-L54", "tags": ["x_refsource_MISC"], "url": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-node/src/Hydra/Snapshot.hs#L50-L54"}, {"name": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-plutus/src/Hydra/Contract/Head.hs#L583-L599", "tags": ["x_refsource_MISC"], "url": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-plutus/src/Hydra/Contract/Head.hs#L583-L599"}], "affected": [{"vendor": "input-output-hk", "product": "hydra", "versions": [{"version": "< 0.13.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-09-21T16:45:34.742Z"}, "descriptions": [{"lang": "en", "value": "Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying `$\\mathsf{cid}$` allows an attacker (which must be a participant of this head) to use a snapshot from an old head instance with the same participants to close the head or contest the state with it. This can lead to an incorrect distribution of value (= value extraction attack; hard, but possible) or prevent the head to finalize because the value available is not consistent with the closed utxo state (= denial of service; easy). A patch is planned for version 0.13.0. As a workaround, rotate keys between heads so not to re-use keys and not result in the same multi-signature participants."}], "source": {"advisory": "GHSA-gr36-mc6v-72qq", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iohk:hydra:*:*:*:*:*:*:*:*", "matchCriteriaId": "556BF21B-9F61-4C1D-BD51-A2EC64EA1CE7", "versionEndExcluding": "0.13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying `$\\mathsf{cid}$` allows an attacker (which must be a participant of this head) to use a snapshot from an old head instance with the same participants to close the head or contest the state with it. This can lead to an incorrect distribution of value (= value extraction attack; hard, but possible) or prevent the head to finalize because the value available is not consistent with the closed utxo state (= denial of service; easy). A patch is planned for version 0.13.0. As a workaround, rotate keys between heads so not to re-use keys and not result in the same multi-signature participants."}, {"lang": "es", "value": " Hydra es the layer-two scalability solution para Cardano. Antes de la versi\u00f3n 0.13.0, no firmar ni verificar `$\\mathsf{cid}$` permite que un atacante (que debe ser un participante de este encabezado) use una instant\u00e1nea de una instancia principal anterior con los mismos participantes para cerrar el encabezado o disputar al Estado. Esto puede llevar a una distribuci\u00f3n incorrecta del valor (= ataque de extracci\u00f3n de valor; dif\u00edcil, pero posible) o impedir que la cabeza finalice porque el valor disponible no es consistente con el estado utxo cerrado (= denegaci\u00f3n de servicio; f\u00e1cil). Est\u00e1 previsto un parche para la versi\u00f3n 0.13.0. Como workaround, rote las claves entre los cabezales para no reutilizarlas y no generar los mismos participantes con firmas m\u00faltiples."}], "id": "CVE-2023-42806", "lastModified": "2023-09-26T14:41:00.217", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-09-21T17:15:23.583", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-node/src/Hydra/HeadLogic.hs#L357"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-node/src/Hydra/Snapshot.hs#L50-L54"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-plutus/src/Hydra/Contract/Head.hs#L583-L599"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/input-output-hk/hydra/security/advisories/GHSA-gr36-mc6v-72qq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "security-advisories@github.com", "type": "Primary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

JSON object

JSON object

JSON object