CVE-2023-33964

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-33964

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33964.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-33964

Aliases

Published

2023-05-31T17:07:21.667Z

Modified

2026-05-01T04:19:40.901743Z

Severity

8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N CVSS Calculator

Summary

mx-chain-go does not treat invalid transaction with wrong username correctly

Details

mx-chain-go is an implementation of the MultiversX blockchain protocol written in the Go language. Metachain cannot process a cross-shard miniblock. Prior to version 1.4.16, an invalid transaction with the wrong username on metachain is not treated correctly on the metachain transaction processor. This is strictly a processing issue that could have happened on MultiversX chain. If an error like this had occurred, the metachain would have stopped notarizing blocks from the shard chains. The resuming of notarization is possible only after applying a patched binary version. A patch in version 1.4.16 introduces processIfTxErrorCrossShard for the metachain transaction processor. There are no known workarounds for this issue.

Database specific

{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "1.4.16"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/33xxx/CVE-2023-33964.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-20"
    ]
}

References

Affected packages

Git / github.com/multiversx/mx-chain-go

Affected ranges

Type

GIT

Repo

https://github.com/multiversx/mx-chain-go

Events

Introduced

Fixed

97295471465f4b5f79e51b32f8b7111f8d921606

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.4.16"
        }
    ],
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:multiversx:mx-chain-go:*:*:*:*:*:go:*:*"
}

Affected versions

V1.*

V1.0.6

V1.0.7

Other

test-01

v.*

v.0.5

v1.*

v1.0.1

v1.0.127

v1.0.128

v1.0.129

v1.0.13

v1.0.130

v1.0.131

v1.0.132

v1.0.133

v1.0.135

v1.0.136

v1.0.137

v1.0.138

v1.0.139

v1.0.14

v1.0.148

v1.0.150

v1.0.2

v1.0.25

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.1.0

v1.1.1

v1.1.10

v1.1.11

v1.1.12

v1.1.13

v1.1.14

v1.1.15

v1.1.16

v1.1.17

v1.1.18

v1.1.19

v1.1.2

v1.1.20

v1.1.21

v1.1.22

v1.1.23

v1.1.24

v1.1.25

v1.1.26

v1.1.27

v1.1.28

v1.1.29

v1.1.3

v1.1.30

v1.1.31

v1.1.32

v1.1.33

v1.1.34

v1.1.35

v1.1.36

v1.1.37

v1.1.38

v1.1.4

v1.1.40

v1.1.41

v1.1.43

v1.1.47

v1.1.48

v1.1.49

v1.1.50

v1.1.51

v1.1.52

v1.1.53

v1.1.54

v1.1.55

v1.1.56

v1.1.57

v1.1.58

v1.1.59

v1.1.6

v1.1.60

v1.1.61

v1.1.62

v1.1.63

v1.1.64

v1.1.7

v1.1.8

v1.1.9

v1.2.10

v1.2.11

v1.2.12

v1.2.13

v1.2.14

v1.2.16

v1.2.17

v1.2.18

v1.2.19

v1.2.20

v1.2.22

v1.2.24

v1.2.25

v1.2.26

v1.2.27

v1.2.28

v1.2.29

v1.2.30

v1.2.31

v1.2.33

v1.2.34

v1.2.5

v1.3.10

v1.3.11

v1.3.12

v1.3.13

v1.3.14

v1.3.15

v1.3.16

v1.3.17

v1.3.17-rc1

v1.3.19-rc1

v1.3.19-rc2

v1.3.23-rc1

v1.3.3

v1.3.32

v1.3.33

v1.3.34

v1.3.35

v1.3.36

v1.3.4

v1.3.43

v1.3.44

v1.3.45

v1.3.46

v1.3.47

v1.3.48

v1.3.49

v1.3.5

v1.3.6

v1.3.7

v1.3.8

v1.3.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33964.json"