Fisco-Bcos: >> Fisco-Bcos Security Vulnerabilities
FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time value) joins a blockchain network.
CVSS Score
4.0
EPSS Score
0.001
Published
2025-04-06
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message packet.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-05-15
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and processing new clients' requests.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-05-15
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via a malicious viewchange packet, will cause normal nodes to change view excessively and stop generating blocks.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-03-17
FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-02-07
The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainably and crash. More details are shown at: https://github.com/FISCO-BCOS/FISCO-BCOS/issues/1951
CVSS Score
7.5
EPSS Score
0.003
Published
2021-06-24