fisco-bcos 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには バッファオーバーフロー and vendor risk input validation があり、vendor surface production workloads and vendor surface software deployment の利用場面で アプリケーションクラッシュ、vendor impact memory corruption, and vendor impact unexpected behavior などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-58131 | FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time value) joins a blockchain network. | [email protected] | 4.0 | 0.21% | 2025-04-05 | 2026-06-17 |
| CVE-2022-28937 | FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and processing new clients' requests. | [email protected] | 7.5 | 1.12% | 2022-05-15 | 2026-06-17 |
| CVE-2022-28936 | FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message packet. | [email protected] | 7.5 | 0.89% | 2022-05-15 | 2026-06-17 |
| CVE-2022-26534 | FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via a malicious viewchange packet, will cause normal nodes to change view excessively and stop generating blocks. | [email protected] | 7.5 | 1.02% | 2022-03-16 | 2026-06-17 |
| CVE-2021-46359 | FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks. | [email protected] | 7.5 | 1.18% | 2022-02-07 | 2026-06-17 |
| CVE-2021-35041 | The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainably and crash. More details are shown at: https://github.com/FISCO-BCOS/FISCO-BCOS/issues/1951 | [email protected] | 7.5 | 1.25% | 2021-06-23 | 2026-06-16 |