CVE-2023-42806
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2023-42806 is a vulnerability affecting Hydra, the layer-two scalability solution for Cardano, in versions prior to 0.13.0. The issue permits an attacker, who must be a participant in a head, to manipulate a snapshot from an old head instance and use it to close the head or to contest the state. The consequences include an incorrect distribution of value, leading to a value extraction attack, and a denial of service in which the head cannot finalize because the available value is inconsistent with the closed UTXO state. A patch is scheduled for version 0.13.0. As a temporary workaround, users should rotate keys between heads so that neither keys nor the same set of multi-signature participants are reused.
Affected Vendors
- Input Output (IOHK)
Advisories, Assessments, and Mitigations