Improper Validation of Integrity Check Value Affecting @lodestar/reqresp package, versions <1.25.0


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JS-LODESTARREQRESP-8626953
  • published15 Jan 2025
  • disclosed14 Jan 2025
  • creditgln7

Introduced: 14 Jan 2025

New CVE NOT AVAILABLE CWE-354  (opens in a new tab)

How to fix?

Upgrade @lodestar/reqresp to version 1.25.0 or higher.

Overview

@lodestar/reqresp is an A Typescript implementation of the Ethereum Consensus Req/Resp protocol

Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value. An attacker can manipulate the processing of uncompressed data chunks by providing a malformed input that bypasses the checksum verification.

References

CVSS Scores

version 4.0
version 3.1