Monero - HackerOne Reports
Total Reports: 52
Critical: 5
High: 15
Medium: 12
Low: 10
(remote) exabyte allocation via load_from_binary() (DoS)
Reported by:
guido
|
Disclosed:
High
Weakness: Uncontrolled Resource Consumption
RingCT malformed tx prevents target from being able to sweep balance
Reported by:
organdonor1
|
Disclosed:
Medium
Weakness: Business Logic Errors
Misreporting of received amount by show_transfers
Reported by:
moneromooo
|
Disclosed:
High
Weakness: Business Logic Errors
Unix time unlock_time values have dangerous validation rules enabling a number of exploits
Reported by:
thecharlatan
|
Disclosed:
High
Weakness: Business Logic Errors
RPC service DOS
Reported by:
ptrstr
|
Disclosed:
Medium
Weakness: Uncontrolled Resource Consumption
Monero can leak uninitialized memory
Reported by:
guido
|
Disclosed:
Medium
Weakness: Information Disclosure
CVE-2019-13132 - libzmq 4.1 series is vulnerable
Reported by:
evertonmelo
|
Disclosed:
Medium
Weakness: Violation of Secure Design Principles
monerod can be disabled by a well-timed TCP reset packet
Reported by:
ahook
|
Disclosed:
Medium
Weakness: Uncontrolled Resource Consumption
Constant-time comparison is not always implemented; critical areas are vulnerable to key-timing attacks
Reported by:
anonimal
|
Disclosed:
Critical
Weakness: Missing Required Cryptographic Step
Transactions in invalid blocks are kept in tx-pool without undergoing certain checks.
Reported by:
boog900
|
Disclosed:
DLL hijacking in Monero GUI for Windows 0.17.3.0 would allow an attacker to perform remote command execution
Reported by:
fukuyama
|
Disclosed:
Medium
Weakness: Code Injection
Potential linkage of public/private (anonymous) node addresses
Reported by:
ahook
|
Disclosed:
Low
Weakness: Information Disclosure