Security Advisories
The following security advisories are related to the Internet Computer Protocol.
CVE | Brief description | Reference | Affected products | Affected versions | CVSS 3.1 | Issued on |
---|---|---|---|---|---|---|
CVE-2023-6245 | Candid infinite decoding loop through specially crafted payload | Advisory | candid (Rust) | >= 0.9.0, < 0.9.10 | High (7.5/10) | Dec 8, 2023 |
CVE-2024-1631 | agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate` | Advisory | @dfinity/auth-client (npm), @dfinity/identity (npm) | >= 0.20.0-beta.0, < 1.0.1 | Critical (9.1/10) | Feb 21, 2024 |
CVE-2024-4435 | Stable BTreeMap memory leak when deallocating nodes with overflows | Advisory | ic-stable-structures (Rust) | >= 0.6.0, < 0.6.4 | Medium (5.9/10) | May 21, 2024 |
CVE-2024-7884 | Memory leak when calling a canister method via ic_cdk::call | Advisory | ic-cdk (Rust) | >= 0.8.0, < 0.8.2; >= 0.9.0, < 0.9.3; >= 0.10.0, < 0.10.1; >= 0.11.0, < 0.11.5; >= 0.12.0, < 0.12.2; >= 0.13.0, < 0.13.4; >= 0.14.0, < 0.14.1; >= 0.15.0, < 0.15.1 | High (7.5/10) | Sep 05, 2024 |