{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-58131", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-04-07T14:11:17.211Z", "dateReserved": "2025-04-06T00:00:00.000Z", "datePublished": "2025-04-06T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "FISCO-BCOS", "vendor": "FISCO-BCOS", "versions": [{"status": "affected", "version": "3.11.0"}]}], "descriptions": [{"lang": "en", "value": "FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time value) joins a blockchain network."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-821", "description": "CWE-821 Incorrect Synchronization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-04-06T02:58:16.429Z"}, "references": [{"url": "https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fisco-bcos:fisco-bcos:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.11.0", "versionEndIncluding": "3.11.0"}]}]}]}, "adp": [{"references": [{"url": "https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-07T14:07:22.539974Z", "id": "CVE-2024-58131", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-07T14:11:17.211Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"}}], "affected": [{"vendor": "FISCO-BCOS", "product": "FISCO-BCOS", "versions": [{"status": "affected", "version": "3.11.0"}], "defaultStatus": "unknown"}], "references": [{"url": "https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time value) joins a blockchain network."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-821", "description": "CWE-821 Incorrect Synchronization"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fisco-bcos:fisco-bcos:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "3.11.0", "versionStartIncluding": "3.11.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-04-06T02:58:16.429Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-58131", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-07T14:07:22.539974Z"}}}], "references": [{"url": "https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656", "tags": ["exploit"]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2025-04-07T14:08:00.444Z"}}]}, "cveMetadata": {"cveId": "CVE-2024-58131", "state": "PUBLISHED", "dateUpdated": "2025-04-06T02:58:16.429Z", "dateReserved": "2025-04-06T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-04-06T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fisco-bcos:fisco-bcos:3.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3B2555C-B485-46AF-B5F2-926798817527", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time value) joins a blockchain network."}, {"lang": "es", "value": "FISCO BCOS 3.11.0 tiene un problema con la sincronizaci\u00f3n del grupo de transacciones que se puede observar, por ejemplo, cuando un nodo malicioso (que ha modificado la base de c\u00f3digo para permitir un valor min_seal_time grande) se une a una red blockchain."}], "id": "CVE-2024-58131", "lastModified": "2025-04-08T16:45:17.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-06T03:15:13.967", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-821"}], "source": "cve@mitre.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-662"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}