ghostlander Halcyon prior 1.1.1.0-hal Block Verification src/main.cpp CBlock::AddToBlockIndex access control

A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Block Verification. The manipulation leads to improper access controls. The CWE definition for the vulnerability is CWE-284. The weakness was disclosed 01/04/2023 as 0675b25ae9cc10b5fdc8ea3a32c642979762d45e. The advisory is shared at github.com. This vulnerability is known as CVE-2021-4300. The attack can be launched remotely. Technical details are available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. MITRE ATT&CK project uses the attack technique T1068 for this issue. It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k. Upgrading to version 1.1.1.0-hal is able to address this issue. The updated version is ready for download at github.com. The identifier of the patch is 0675b25ae9cc10b5fdc8ea3a32c642979762d45e. The bugfix is ready for download at github.com. It is recommended to upgrade the affected component. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Field01/04/2023 22:1901/28/2023 11:2301/28/2023 11:31
vendorghostlanderghostlanderghostlander
nameHalcyonHalcyonHalcyon
componentBlock VerificationBlock VerificationBlock Verification
filesrc/main.cppsrc/main.cppsrc/main.cpp
functionCBlock::AddToBlockIndexCBlock::AddToBlockIndexCBlock::AddToBlockIndex
cwe284 (access control)284 (access control)284 (access control)
risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
identifier0675b25ae9cc10b5fdc8ea3a32c642979762d45e0675b25ae9cc10b5fdc8ea3a32c642979762d45e0675b25ae9cc10b5fdc8ea3a32c642979762d45e
urlhttps://github.com/ghostlander/Halcyon/commit/0675b25ae9cc10b5fdc8ea3a32c642979762d45ehttps://github.com/ghostlander/Halcyon/commit/0675b25ae9cc10b5fdc8ea3a32c642979762d45ehttps://github.com/ghostlander/Halcyon/commit/0675b25ae9cc10b5fdc8ea3a32c642979762d45e
nameUpgradeUpgradeUpgrade
upgrade_version1.1.1.0-hal1.1.1.0-hal1.1.1.0-hal
upgrade_urlhttps://github.com/ghostlander/Halcyon/releases/tag/v1.1.1.0-halhttps://github.com/ghostlander/Halcyon/releases/tag/v1.1.1.0-halhttps://github.com/ghostlander/Halcyon/releases/tag/v1.1.1.0-hal
patch_name0675b25ae9cc10b5fdc8ea3a32c642979762d45e0675b25ae9cc10b5fdc8ea3a32c642979762d45e0675b25ae9cc10b5fdc8ea3a32c642979762d45e
patch_urlhttps://github.com/ghostlander/Halcyon/commit/0675b25ae9cc10b5fdc8ea3a32c642979762d45ehttps://github.com/ghostlander/Halcyon/commit/0675b25ae9cc10b5fdc8ea3a32c642979762d45ehttps://github.com/ghostlander/Halcyon/commit/0675b25ae9cc10b5fdc8ea3a32c642979762d45e
advisoryquoteBlock Verification Vulnerability Eliminated Fixed a critical vulnerability allowing to accept a proof-of-work block containing one or more coin stake transactions in addition to a valid coin base. Output values of such coin stakes were out of control.Block Verification Vulnerability Eliminated Fixed a critical vulnerability allowing to accept a proof-of-work block containing one or more coin stake transactions in addition to a valid coin base. Output values of such coin stakes were out of control.Block Verification Vulnerability Eliminated Fixed a critical vulnerability allowing to accept a proof-of-work block containing one or more coin stake transactions in addition to a valid coin base. Output values of such coin stakes were out of control.
cveCVE-2021-4300CVE-2021-4300CVE-2021-4300
responsibleVulDBVulDBVulDB
date1672786800 (01/04/2023)1672786800 (01/04/2023)1672786800 (01/04/2023)
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss3_vuldb_prLLL
cvss3_vuldb_eXXX
cvss2_vuldb_basescore6.56.56.5
cvss2_vuldb_tempscore5.75.75.7
cvss3_vuldb_basescore6.36.36.3
cvss3_vuldb_tempscore6.06.06.0
cvss3_meta_basescore6.36.37.5
cvss3_meta_tempscore6.06.07.4
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1672786800 (01/04/2023)1672786800 (01/04/2023)
cve_nvd_summaryA vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Block Verification. The manipulation leads to improper access controls. The attack can be launched remotely. Upgrading to version 1.1.1.0-hal is able to address this issue. The name of the patch is 0675b25ae9cc10b5fdc8ea3a32c642979762d45e. It is recommended to upgrade the affected component. The identifier VDB-217417 was assigned to this vulnerability.A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Block Verification. The manipulation leads to improper access controls. The attack can be launched remotely. Upgrading to version 1.1.1.0-hal is able to address this issue. The name of the patch is 0675b25ae9cc10b5fdc8ea3a32c642979762d45e. It is recommended to upgrade the affected component. The identifier VDB-217417 was assigned to this vulnerability.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auS
cvss2_nvd_ciP
cvss2_nvd_iiP
cvss2_nvd_aiP
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cve_cnaVulDB
cvss2_nvd_basescore6.5
cvss3_nvd_basescore9.8
cvss3_cna_basescore6.3

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!