How severe is CVE-2024-34360?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2024-34360?

This is classified as CWE-754, which is a common weakness in software security.

CVE-2024-34360 - HIGH Severity | CVSS 8.2

Vulnerability Description

go-spacemesh is a Go implementation of the Spacemesh protocol full node. Nodes can publish activations transactions (ATXs) which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an identity. Allowing Smeshers to reference an earlier (but not the latest) ATX as previous breaks this protocol rule and can serve as an attack vector where Nodes are rewarded for holding their PoST data for less than one epoch but still being eligible for rewards. This vulnerability is fixed in go-spacemesh 1.5.2-hotfix1 and Spacemesh API 1.37.1.

Related Vulnerabilities

CVE-2020-7800

HIGH

CVSS:8.2(High)

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability. The affected produc...

CWE-7542020

CVE-2022-26079

HIGH

CVSS:8.2(High)

Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access.

CWE-7542022

CVE-2022-29278

HIGH

CVSS:8.2(High)

Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS mem...

CWE-7542022

CVE-2022-43393

HIGH

CVSS:8.2(High)

An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0, which could allow an unauthenticated attacker to...

CWE-7542022

CVE-2024-11599

HIGH

CVSS:8.2(High)

Mattermost versions 10.0.x <= 10.0.1, 10.1.x <= 10.1.1, 9.11.x <= 9.11.3, 9.5.x <= 9.5.11 fail to properly validate email addresses which allows an unauthenticated user to bypass email domain restrict...

CWE-7542024

CVE-2023-32726

HIGH

CVSS:8.1(High)

The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.

CWE-7542023