In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade snow
to version 0.9.5 or higher.
Affected versions of this package are vulnerable to Expected Behavior Violation via the TransportState
process. An attacker with the ability to inject packets into the communication channel can disrupt the service by causing a mismatch in nonce values expected by the sending and receiving parties.
Note:
This is only exploitable if the TransportState
is used, as opposed to StatelessTransportState
.