Security Advisories
The following security advisories are related to the Internet Computer Protocol.
CVE | Brief description | Reference | Affected products | Affected versions | CVSS 3.1 | Issued on |
---|---|---|---|---|---|---|
CVE-2023-6245 | Candid infinite decoding loop through specially crafted payload | Advisory | candid (Rust) | >= 0.9.0, < 0.9.10 | High (7.5/10) | Dec 8, 2023 |
CVE-2024-1631 | agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate` | Advisory | @dfinity/auth-client (npm), @dfinity/identity (npm) | >= 0.20.0-beta.0, < 1.0.1 | Critical (9.1/10) | Feb 21, 2024 |
CVE-2024-4435 | Stable BTreeMap memory leak when deallocating nodes with overflows | Advisory | ic-stable-structures (Rust) | >= 0.6.0, < 0.6.4 | Medium (5.9/10) | May 21, 2024 |