Vulnerabilites related to getmonero - monero
Vulnerability from fkie_nvd
Published
2018-09-26 12:29
Modified
2024-11-21 04:06
Severity ?
Summary
An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attacker can send a packet to trigger this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| talos-cna@cisco.com | https://blog.talosintelligence.com/2018/09/epee-levin-vuln.html | Third Party Advisory | |
| talos-cna@cisco.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0637 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.talosintelligence.com/2018/09/epee-levin-vuln.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0637 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getmonero:monero:0.12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1609CE9B-7E0A-4143-983B-E2C61838F4FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero \u0027Lithium Luna\u0027 (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attacker can send a packet to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad explotable de ejecuci\u00f3n de c\u00f3digo en la funcionalidad de deserializaci\u00f3n de Levin de la biblioteca Epee, tal y como se utiliza en Lithium Luna, de Monero (v0.12.2.0-master-ffab6700) y otras criptomonedas. Un paquete de red especialmente manipulado puede provocar un error de l\u00f3gica que resulta en la ejecuci\u00f3n de c\u00f3digo. Un atacante puede enviar un paquete para provocar esta vulnerabilidad."
}
],
"id": "CVE-2018-3972",
"lastModified": "2024-11-21T04:06:24.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "talos-cna@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-26T12:29:00.220",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.talosintelligence.com/2018/09/epee-levin-vuln.html"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.talosintelligence.com/2018/09/epee-levin-vuln.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0637"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-15 00:15
Modified
2025-09-30 20:18
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getmonero:monero:*:*:*:*:*:*:*:*",
"matchCriteriaId": "720AC78A-1BA9-4433-91EF-F8BAFAD8A5D5",
"versionEndIncluding": "0.18.3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections."
},
{
"lang": "es",
"value": "Monero hasta la versi\u00f3n 0.18.3.4 anterior a ec74ff4 no tiene l\u00edmites de respuesta en las conexiones del servidor HTTP."
}
],
"id": "CVE-2025-26819",
"lastModified": "2025-09-30T20:18:01.213",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-15T00:15:28.510",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/monero-project/monero/commit/ec74ff4a3d3ca38b7912af680209a45fd1701c3d"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "cve@mitre.org",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-10 21:15
Modified
2024-11-21 05:20
Severity ?
Summary
monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getmonero:monero:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1141EAF6-6F93-45D3-8136-9C5D59A5A228",
"versionEndExcluding": "0.17.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory."
},
{
"lang": "es",
"value": "monero-wallet-gui en Monero GUI versiones anteriores 0.17.1.0 incluye el directorio . en una RPATH insertada (con una preferencia antes de /usr/lib), que permite a los usuarios locales alcanzar privilegios por medio de una biblioteca de tipo caballo de Troya en el directorio de trabajo actual"
}
],
"id": "CVE-2020-26947",
"lastModified": "2024-11-21T05:20:33.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-10T21:15:11.957",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/monero-project/monero-gui/commit/6ed536982953d870010d8fa065dccbffeb6cae50"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/monero-project/monero-gui/issues/3142#issuecomment-705940446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/monero-project/monero-gui/commit/6ed536982953d870010d8fa065dccbffeb6cae50"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/monero-project/monero-gui/issues/3142#issuecomment-705940446"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-3972 (GCVE-0-2018-3972)
Vulnerability from cvelistv5
Published
2018-09-26 13:00
Modified
2024-09-17 00:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote code execution
Summary
An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attacker can send a packet to trigger this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0637 | x_refsource_MISC | |
| https://blog.talosintelligence.com/2018/09/epee-levin-vuln.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| https://github.com/sabelnikov | Epee |
Version: as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:57:24.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0637"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.talosintelligence.com/2018/09/epee-levin-vuln.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Epee",
"vendor": "https://github.com/sabelnikov",
"versions": [
{
"status": "affected",
"version": "as used in Monero \u0027Lithium Luna\u0027 (v0.12.2.0-master-ffab6700)"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero \u0027Lithium Luna\u0027 (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attacker can send a packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:07:16",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0637"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.talosintelligence.com/2018/09/epee-levin-vuln.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-3972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Epee",
"version": {
"version_data": [
{
"version_value": "as used in Monero \u0027Lithium Luna\u0027 (v0.12.2.0-master-ffab6700)"
}
]
}
}
]
},
"vendor_name": "https://github.com/sabelnikov"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero \u0027Lithium Luna\u0027 (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attacker can send a packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 10,
"baseSeverity": null,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0637",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0637"
},
{
"name": "https://blog.talosintelligence.com/2018/09/epee-levin-vuln.html",
"refsource": "MISC",
"url": "https://blog.talosintelligence.com/2018/09/epee-levin-vuln.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2018-3972",
"datePublished": "2018-09-26T13:00:00Z",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-09-17T00:30:31.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26947 (GCVE-0-2020-26947)
Vulnerability from cvelistv5
Published
2020-10-10 20:05
Modified
2024-08-04 16:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/monero-project/monero-gui/issues/3142#issuecomment-705940446 | x_refsource_MISC | |
| https://github.com/monero-project/monero-gui/commit/6ed536982953d870010d8fa065dccbffeb6cae50 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:23.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/monero-project/monero-gui/issues/3142#issuecomment-705940446"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/monero-project/monero-gui/commit/6ed536982953d870010d8fa065dccbffeb6cae50"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T12:26:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/monero-project/monero-gui/issues/3142#issuecomment-705940446"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/monero-project/monero-gui/commit/6ed536982953d870010d8fa065dccbffeb6cae50"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/monero-project/monero-gui/issues/3142#issuecomment-705940446",
"refsource": "MISC",
"url": "https://github.com/monero-project/monero-gui/issues/3142#issuecomment-705940446"
},
{
"name": "https://github.com/monero-project/monero-gui/commit/6ed536982953d870010d8fa065dccbffeb6cae50",
"refsource": "CONFIRM",
"url": "https://github.com/monero-project/monero-gui/commit/6ed536982953d870010d8fa065dccbffeb6cae50"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26947",
"datePublished": "2020-10-10T20:05:49",
"dateReserved": "2020-10-10T00:00:00",
"dateUpdated": "2024-08-04T16:03:23.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26819 (GCVE-0-2025-26819)
Vulnerability from cvelistv5
Published
2025-02-14 00:00
Modified
2025-02-18 16:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T16:29:22.384498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:29:36.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Monero",
"vendor": "getmonero",
"versions": [
{
"lessThan": "ec74ff4a3d3ca38b7912af680209a45fd1701c3d",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getmonero:monero:*:*:*:*:*:*:*:*",
"versionEndExcluding": "ec74ff4a3d3ca38b7912af680209a45fd1701c3d",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T23:45:10.514Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/monero-project/monero/commit/ec74ff4a3d3ca38b7912af680209a45fd1701c3d"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-26819",
"datePublished": "2025-02-14T00:00:00.000Z",
"dateReserved": "2025-02-14T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:29:36.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}