CVE-2024-32985 MEDIUM

CVE-2024-32985: Stellar-core's Overlay - security fix for DDoS mitigation

Vendor Stellar
Product stellar-core
Weakness CWE-362
Published May 9, 2024
Last update August 2, 2024

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

Stellar-core is a reference implementation for the peer-to-peer agent that manages the Stellar network. Prior to 20.4.0, core nodes could be randomly crashed due to a race condition with a third-party library. The likelihood of affecting the network is low, since crashed nodes come back online right away. The code fix is part of the Stellar-core v20.4.0 release.

Key dates

02 Disclosure timeline

May 9, 2024 CVE published
August 2, 2024 Record updated