
CVE-2022-35913

 

  • Severity Score (CVSS v3.1): 4.3
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a P2P coinjoin. The attacker and victim must follow each other's paynym. Then, the victim must try to collaborate with the attacker for a Stonewallx2 transaction. Next, the attacker broadcasts a tx, spending the inputs used in Stonewallx2 before the victim can broadcast the collaborative transaction. The attacker does not signal opt in RBF, and uses the lowest fee rate. This would result in the victim being unable to perform Stonewallx2. (Note that the attacker could use multiple paynyms.)

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: Low
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-07-15 CVE Reserved
  • 2022-09-06 CVE Published
  • 2024-03-29 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Kayako Samourai 0.99.98e - Affected