Search criteria
6 vulnerabilities by stellar
CVE-2026-26267 (GCVE-0-2026-26267)
Vulnerability from cvelistv5 – Published: 2026-02-19 19:35 – Updated: 2026-02-19 21:22
VLAI?
Title
rs-soroban-sdk #[contractimpl] macro calls inherent function instead of trait function when names collide
Summary
soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22.0.10, 23.5.2, and 25.1.1, the `#[contractimpl]` macro contains a bug in how it wires up function calls. `#[contractimpl]` generates code that uses `MyContract::value()` style calls even when it's processing the trait version. This means if an inherent function is also defined with the same name, the inherent function gets called instead of the trait function. This means the Wasm-exported entry point silently calls the wrong function when two conditions are met simultaneously: First, an `impl Trait for MyContract` block is defined with one or more functions, with `#[contractimpl]` applied. Second, an `impl MyContract` block is defined with one or more identically named functions, without `#[contractimpl]` applied. If the trait version contains important security checks, such as verifying the caller is authorized, that the inherent version does not, those checks are bypassed. Anyone interacting with the contract through its public interface will call the wrong function. The problem is patched in `soroban-sdk-macros` versions 22.0.10, 23.5.2, and 25.1.1. The fix changes the generated call from `<Type>::func()` to `<Type as Trait>::func()` when processing trait implementations, ensuring Rust resolves to the trait associated function regardless of whether an inherent function with the same name exists. Users should upgrade to `soroban-sdk-macros` 22.0.10, 23.5.2, or 25.1.1 and recompile their contracts. If upgrading is not immediately possible, contract developers can avoid the issue by ensuring that no inherent associated function on the contract type shares a name with any function in the trait implementation. Renaming or removing the conflicting inherent function eliminates the ambiguity and causes the macro-generated code to correctly resolve to the trait function.
Severity ?
7.5 (High)
CWE
- CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellar | rs-soroban-sdk |
Affected:
>= 25.0.0, < 25.1.1
Affected: >= 23.0.0, < 23.5.2 Affected: < 22.0.10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T20:58:43.298688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T21:22:10.126Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rs-soroban-sdk",
"vendor": "stellar",
"versions": [
{
"status": "affected",
"version": "\u003e= 25.0.0, \u003c 25.1.1"
},
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c 23.5.2"
},
{
"status": "affected",
"version": "\u003c 22.0.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22.0.10, 23.5.2, and 25.1.1, the `#[contractimpl]` macro contains a bug in how it wires up function calls. `#[contractimpl]` generates code that uses `MyContract::value()` style calls even when it\u0027s processing the trait version. This means if an inherent function is also defined with the same name, the inherent function gets called instead of the trait function. This means the Wasm-exported entry point silently calls the wrong function when two conditions are met simultaneously: First, an `impl Trait for MyContract` block is defined with one or more functions, with `#[contractimpl]` applied. Second, an `impl MyContract` block is defined with one or more identically named functions, without `#[contractimpl]` applied. If the trait version contains important security checks, such as verifying the caller is authorized, that the inherent version does not, those checks are bypassed. Anyone interacting with the contract through its public interface will call the wrong function. The problem is patched in `soroban-sdk-macros` versions 22.0.10, 23.5.2, and 25.1.1. The fix changes the generated call from `\u003cType\u003e::func()` to `\u003cType as Trait\u003e::func()` when processing trait implementations, ensuring Rust resolves to the trait associated function regardless of whether an inherent function with the same name exists. Users should upgrade to `soroban-sdk-macros` 22.0.10, 23.5.2, or 25.1.1 and recompile their contracts. If upgrading is not immediately possible, contract developers can avoid the issue by ensuring that no inherent associated function on the contract type shares a name with any function in the trait implementation. Renaming or removing the conflicting inherent function eliminates the ambiguity and causes the macro-generated code to correctly resolve to the trait function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670: Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T19:35:40.539Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-4chv-4c6w-w254",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-4chv-4c6w-w254"
},
{
"name": "https://github.com/stellar/rs-soroban-sdk/pull/1729",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stellar/rs-soroban-sdk/pull/1729"
},
{
"name": "https://github.com/stellar/rs-soroban-sdk/pull/1730",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stellar/rs-soroban-sdk/pull/1730"
},
{
"name": "https://github.com/stellar/rs-soroban-sdk/pull/1731",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stellar/rs-soroban-sdk/pull/1731"
},
{
"name": "https://github.com/stellar/rs-soroban-sdk/commit/e92a3933e5f92dc09da3c740cf6a360d55709a2b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stellar/rs-soroban-sdk/commit/e92a3933e5f92dc09da3c740cf6a360d55709a2b"
}
],
"source": {
"advisory": "GHSA-4chv-4c6w-w254",
"discovery": "UNKNOWN"
},
"title": "rs-soroban-sdk #[contractimpl] macro calls inherent function instead of trait function when names collide"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26267",
"datePublished": "2026-02-19T19:35:40.539Z",
"dateReserved": "2026-02-12T17:10:53.412Z",
"dateUpdated": "2026-02-19T21:22:10.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24889 (GCVE-0-2026-24889)
Vulnerability from cvelistv5 – Published: 2026-01-28 22:01 – Updated: 2026-01-29 18:00
VLAI?
Title
soroban-sdk has overflow in Bytes::slice, Vec::slice, GenRange::gen_range for u64
Summary
soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the `Bytes::slice`, `Vec::slice`, and `Prng::gen_range` (for `u64`) methods in the `soroban-sdk` in versions up to and including `25.0.1`, `23.5.1`, and `25.0.2`. Contracts that pass user-controlled or computed range bounds to `Bytes::slice`, `Vec::slice`, or `Prng::gen_range` may silently operate on incorrect data ranges or generate random numbers from an unintended range, potentially resulting in corrupted contract state. Note that the best practice when using the `soroban-sdk` and building Soroban contracts is to always enable `overflow-checks = true`. The `stellar contract init` tool that prepares the boiler plate for a Soroban contract, as well as all examples and docs, encourage the use of configuring `overflow-checks = true` on `release` profiles so that these arithmetic operations fail rather than silently wrap. Contracts are only impacted if they use `overflow-checks = false` either explicitly or implicitly. It is anticipated the majority of contracts could not be impacted because the best practice encouraged by tooling is to enable `overflow-checks`. The fix available in `25.0.1`, `23.5.1`, and `25.0.2` replaces bare arithmetic with `checked_add` / `checked_sub`, ensuring overflow traps regardless of the `overflow-checks` profile setting. As a workaround, contract workspaces can be configured with a profile available in the GitHub Securtity Advisory to enable overflow checks on the arithmetic operations. This is the best practice when developing Soroban contracts, and the default if using the contract boilerplate generated using `stellar contract init`. Alternatively, contracts can validate range bounds before passing them to `slice` or `gen_range` to ensure the conversions cannot overflow.
Severity ?
5.3 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellar | rs-soroban-sdk |
Affected:
< 22.0.9
Affected: >= 23.0.0, < 23.5.1 Affected: >= 25.0.0, < 25.0.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T16:01:43.687365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T18:00:47.472Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rs-soroban-sdk",
"vendor": "stellar",
"versions": [
{
"status": "affected",
"version": "\u003c 22.0.9"
},
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c 23.5.1"
},
{
"status": "affected",
"version": "\u003e= 25.0.0, \u003c 25.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the `Bytes::slice`, `Vec::slice`, and `Prng::gen_range` (for `u64`) methods in the `soroban-sdk` in versions up to and including `25.0.1`, `23.5.1`, and `25.0.2`. Contracts that pass user-controlled or computed range bounds to `Bytes::slice`, `Vec::slice`, or `Prng::gen_range` may silently operate on incorrect data ranges or generate random numbers from an unintended range, potentially resulting in corrupted contract state. Note that the best practice when using the `soroban-sdk` and building Soroban contracts is to always enable `overflow-checks = true`. The `stellar contract init` tool that prepares the boiler plate for a Soroban contract, as well as all examples and docs, encourage the use of configuring `overflow-checks = true` on `release` profiles so that these arithmetic operations fail rather than silently wrap. Contracts are only impacted if they use `overflow-checks = false` either explicitly or implicitly. It is anticipated the majority of contracts could not be impacted because the best practice encouraged by tooling is to enable `overflow-checks`. The fix available in `25.0.1`, `23.5.1`, and `25.0.2` replaces bare arithmetic with `checked_add` / `checked_sub`, ensuring overflow traps regardless of the `overflow-checks` profile setting. As a workaround, contract workspaces can be configured with a profile available in the GitHub Securtity Advisory to enable overflow checks on the arithmetic operations. This is the best practice when developing Soroban contracts, and the default if using the contract boilerplate generated using `stellar contract init`. Alternatively, contracts can validate range bounds before passing them to `slice` or `gen_range` to ensure the conversions cannot overflow."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T22:01:00.374Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-96xm-fv9w-pf3f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-96xm-fv9w-pf3f"
},
{
"name": "https://github.com/stellar/rs-soroban-sdk/pull/1703",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stellar/rs-soroban-sdk/pull/1703"
},
{
"name": "https://github.com/stellar/rs-soroban-sdk/commit/3890521426d71bb4d892b21f5a283a1e836cfa38",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stellar/rs-soroban-sdk/commit/3890521426d71bb4d892b21f5a283a1e836cfa38"
},
{
"name": "https://github.com/stellar/rs-soroban-sdk/commit/59fcef437260ed4da42d1efb357137a5c166c02e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stellar/rs-soroban-sdk/commit/59fcef437260ed4da42d1efb357137a5c166c02e"
},
{
"name": "https://github.com/stellar/rs-soroban-sdk/commit/c2757c6d774dbb28b34a0b77ffe282e59f0f8462",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stellar/rs-soroban-sdk/commit/c2757c6d774dbb28b34a0b77ffe282e59f0f8462"
},
{
"name": "https://github.com/stellar/rs-soroban-sdk/releases/tag/v22.0.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stellar/rs-soroban-sdk/releases/tag/v22.0.9"
},
{
"name": "https://github.com/stellar/rs-soroban-sdk/releases/tag/v23.5.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stellar/rs-soroban-sdk/releases/tag/v23.5.1"
},
{
"name": "https://github.com/stellar/rs-soroban-sdk/releases/tag/v25.0.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stellar/rs-soroban-sdk/releases/tag/v25.0.2"
}
],
"source": {
"advisory": "GHSA-96xm-fv9w-pf3f",
"discovery": "UNKNOWN"
},
"title": "soroban-sdk has overflow in Bytes::slice, Vec::slice, GenRange::gen_range for u64"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24889",
"datePublished": "2026-01-28T22:01:00.374Z",
"dateReserved": "2026-01-27T19:35:20.528Z",
"dateUpdated": "2026-01-29T18:00:47.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32985 (GCVE-0-2024-32985)
Vulnerability from cvelistv5 – Published: 2024-05-09 20:54 – Updated: 2024-08-02 02:27
VLAI?
Title
Stellar-core's Overlay - security fix for DDoS mitigation
Summary
Stellar-core is a reference implementation for the peer-to-peer agent that manages the Stellar network. Prior to 20.4.0, core nodes could be randomly crashed due to a race condition with a 3rd party library. The likelihood of affecting the network is low since crashed nodes come back up online right away. Code fix mitigation is part of Stellar-core v20.4.0 release
Severity ?
5.9 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellar | stellar-core |
Affected:
< 20.4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32985",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T18:32:41.613694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:51:32.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:27:53.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/stellar/stellar-core/security/advisories/GHSA-mgx8-frjx-x33m",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/stellar/stellar-core/security/advisories/GHSA-mgx8-frjx-x33m"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "stellar-core",
"vendor": "stellar",
"versions": [
{
"status": "affected",
"version": "\u003c 20.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stellar-core is a reference implementation for the peer-to-peer agent that manages the Stellar network. Prior to 20.4.0, core nodes could be randomly crashed due to a race condition with a 3rd party library. The likelihood of affecting the network is low since crashed nodes come back up online right away. Code fix mitigation is part of Stellar-core v20.4.0 release"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-09T20:54:15.065Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/stellar/stellar-core/security/advisories/GHSA-mgx8-frjx-x33m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/stellar/stellar-core/security/advisories/GHSA-mgx8-frjx-x33m"
}
],
"source": {
"advisory": "GHSA-mgx8-frjx-x33m",
"discovery": "UNKNOWN"
},
"title": "Stellar-core\u0027s Overlay - security fix for DDoS mitigation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-32985",
"datePublished": "2024-05-09T20:54:15.065Z",
"dateReserved": "2024-04-22T15:14:59.167Z",
"dateUpdated": "2024-08-02T02:27:53.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46135 (GCVE-0-2023-46135)
Vulnerability from cvelistv5 – Published: 2023-10-25 00:38 – Updated: 2024-09-10 15:06
VLAI?
Title
Panic in SignedPayload::from_payload
Summary
rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used.`inner_payload_len` should not above 64. This vulnerability has been patched in version 0.0.8.
Severity ?
5.3 (Medium)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellar | rs-stellar-strkey |
Affected:
< 0.0.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/stellar/rs-stellar-strkey/security/advisories/GHSA-5873-6fwq-463f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/stellar/rs-stellar-strkey/security/advisories/GHSA-5873-6fwq-463f"
},
{
"name": "https://github.com/stellar/rs-stellar-strkey/issues/58",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/stellar/rs-stellar-strkey/issues/58"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:stellar:rs-stellar-strkey:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rs-stellar-strkey",
"vendor": "stellar",
"versions": [
{
"lessThan": "0.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46135",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:01:35.354183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T15:06:21.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rs-stellar-strkey",
"vendor": "stellar",
"versions": [
{
"status": "affected",
"version": "\u003c 0.0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used.`inner_payload_len` should not above 64. This vulnerability has been patched in version 0.0.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T00:38:03.159Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/stellar/rs-stellar-strkey/security/advisories/GHSA-5873-6fwq-463f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/stellar/rs-stellar-strkey/security/advisories/GHSA-5873-6fwq-463f"
},
{
"name": "https://github.com/stellar/rs-stellar-strkey/issues/58",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stellar/rs-stellar-strkey/issues/58"
}
],
"source": {
"advisory": "GHSA-5873-6fwq-463f",
"discovery": "UNKNOWN"
},
"title": "Panic in SignedPayload::from_payload"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46135",
"datePublished": "2023-10-25T00:38:03.159Z",
"dateReserved": "2023-10-16T17:51:35.574Z",
"dateUpdated": "2024-09-10T15:06:21.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40580 (GCVE-0-2023-40580)
Vulnerability from cvelistv5 – Published: 2023-08-25 19:51 – Updated: 2024-08-02 18:38
VLAI?
Title
Freighter mnemonic phrase may be accessed by Javascript through a private API
Summary
Freighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1.
Severity ?
8.1 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:50.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w"
},
{
"name": "https://github.com/stellar/freighter/pull/948",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/stellar/freighter/pull/948"
},
{
"name": "https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "freighter",
"vendor": "stellar",
"versions": [
{
"status": "affected",
"version": "\u003c 5.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Freighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-25T19:51:17.535Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w"
},
{
"name": "https://github.com/stellar/freighter/pull/948",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stellar/freighter/pull/948"
},
{
"name": "https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee"
}
],
"source": {
"advisory": "GHSA-vqr6-hwg2-775w",
"discovery": "UNKNOWN"
},
"title": "Freighter mnemonic phrase may be accessed by Javascript through a private API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-40580",
"datePublished": "2023-08-25T19:51:17.535Z",
"dateReserved": "2023-08-16T18:24:02.391Z",
"dateUpdated": "2024-08-02T18:38:50.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32738 (GCVE-0-2021-32738)
Vulnerability from cvelistv5 – Published: 2021-07-02 18:15 – Updated: 2024-08-03 23:33
VLAI?
Title
Utils.readChallengeTx does not verify the server account signature
Summary
js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The `Utils.readChallengeTx` function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the `serverAccountID` has signed the transaction. In js-stellar-sdk before version 8.2.3, the function does not verify that the server has signed the transaction. Applications that also used `Utils.verifyChallengeTxThreshold` or `Utils.verifyChallengeTxSigners` to verify the signatures including the server signature on the challenge transaction are unaffected as those functions verify the server signed the transaction. Applications calling `Utils.readChallengeTx` should update to version 8.2.3, the first version with a patch for this vulnerability, to ensure that the challenge transaction is completely valid and signed by the server creating the challenge transaction.
Severity ?
6.5 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stellar | js-stellar-sdk |
Affected:
< 8.2.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:54.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/stellar/js-stellar-sdk/security/advisories/GHSA-6cgh-hjpw-q3gq"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/stellar/js-stellar-sdk/releases/tag/v8.2.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "js-stellar-sdk",
"vendor": "stellar",
"versions": [
{
"status": "affected",
"version": "\u003c 8.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The `Utils.readChallengeTx` function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the `serverAccountID` has signed the transaction. In js-stellar-sdk before version 8.2.3, the function does not verify that the server has signed the transaction. Applications that also used `Utils.verifyChallengeTxThreshold` or `Utils.verifyChallengeTxSigners` to verify the signatures including the server signature on the challenge transaction are unaffected as those functions verify the server signed the transaction. Applications calling `Utils.readChallengeTx` should update to version 8.2.3, the first version with a patch for this vulnerability, to ensure that the challenge transaction is completely valid and signed by the server creating the challenge transaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-02T18:15:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/stellar/js-stellar-sdk/security/advisories/GHSA-6cgh-hjpw-q3gq"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stellar/js-stellar-sdk/releases/tag/v8.2.3"
}
],
"source": {
"advisory": "GHSA-6cgh-hjpw-q3gq",
"discovery": "UNKNOWN"
},
"title": "Utils.readChallengeTx does not verify the server account signature",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32738",
"STATE": "PUBLIC",
"TITLE": "Utils.readChallengeTx does not verify the server account signature"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "js-stellar-sdk",
"version": {
"version_data": [
{
"version_value": "\u003c 8.2.3"
}
]
}
}
]
},
"vendor_name": "stellar"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The `Utils.readChallengeTx` function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the `serverAccountID` has signed the transaction. In js-stellar-sdk before version 8.2.3, the function does not verify that the server has signed the transaction. Applications that also used `Utils.verifyChallengeTxThreshold` or `Utils.verifyChallengeTxSigners` to verify the signatures including the server signature on the challenge transaction are unaffected as those functions verify the server signed the transaction. Applications calling `Utils.readChallengeTx` should update to version 8.2.3, the first version with a patch for this vulnerability, to ensure that the challenge transaction is completely valid and signed by the server creating the challenge transaction."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/stellar/js-stellar-sdk/security/advisories/GHSA-6cgh-hjpw-q3gq",
"refsource": "CONFIRM",
"url": "https://github.com/stellar/js-stellar-sdk/security/advisories/GHSA-6cgh-hjpw-q3gq"
},
{
"name": "https://github.com/stellar/js-stellar-sdk/releases/tag/v8.2.3",
"refsource": "MISC",
"url": "https://github.com/stellar/js-stellar-sdk/releases/tag/v8.2.3"
}
]
},
"source": {
"advisory": "GHSA-6cgh-hjpw-q3gq",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32738",
"datePublished": "2021-07-02T18:15:11.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:33:54.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}