Skip to main content

Hydra CVE-2023-38701

CRITICAL
Improper Input Validation (CWE-20)
2023-10-04 security-advisories@github.com
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 04, 2023 - 19:15 nvd
CRITICAL 9.1

DescriptionNVD

Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the commit validator, where they remain until they are either collected into the head validator or the protocol initialisation is aborted and the value in the committed UTxOs is returned to the users who committed them. Prior to version 0.12.0, the commit validator contains a flawed check when the ViaAbort redeemer is used, which allows any user to spend any UTxO which is at the validator arbitrarily, meaning an attacker can steal the funds that users are trying to commit into the head validator. The intended behavior is that the funds must be returned to the user which committed the funds and can only be performed by a participant of the head. The initial validator also is similarly affected as the same flawed check is performed for the ViaAbort redeemer. Due to this issue, an attacker can steal any funds that user's try to commit into a Hydra head. Also, an attacker can prevent any Hydra head from being successfully opened. It does not allow an attacker to take funds which have been successfully collected into and currently reside in the head validator. Version 0.12.0 contains a fix for this issue.

AnalysisAI

Hydra is the layer-two scalability solution for Cardano. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the commit validator, where they remain until they are either collected into the head validator or the protocol initialisation is aborted and the value in the committed UTxOs is returned to the users who committed them. Prior to version 0.12.0, the commit validator contains a flawed check when the ViaAbort redeemer is used, which allows any user to spend any UTxO which is at the validator arbitrarily, meaning an attacker can steal the funds that users are trying to commit into the head validator. The intended behavior is that the funds must be returned to the user which committed the funds and can only be performed by a participant of the head. The initial validator also is similarly affected as the same flawed check is performed for the ViaAbort redeemer. Due to this issue, an attacker can steal any funds that user's try to commit into a Hydra head. Also, an attacker can prevent any Hydra head from being successfully opened. It does not allow an attacker to take funds which have been successfully collected into and currently reside in the head validator. Version 0.12.0 contains a fix for this issue. Affected products include: Iohk Hydra. Version information: version 0.12.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Hydra

View all
CVE-2023-42449 HIGH POC
8.1 Oct 04

Hydra is the two-layer scalability solution for Cardano. Rated high severity (CVSS 8.1), this vulnerability is remotely

CVE-2019-17502 HIGH POC
7.5 Oct 12

Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Le

CVE-2019-8400 MEDIUM POC
6.1 Feb 17

ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. Rated medium

CVE-2023-42448 HIGH
8.1 Oct 04

Hydra is the layer-two scalability solution for Cardano. Rated high severity (CVSS 8.1), this vulnerability is remotely

CVE-2024-45049 HIGH
7.5 Aug 27

Hydra is a Continuous Integration service for Nix based projects. Rated high severity (CVSS 7.5), this vulnerability is

CVE-2023-42806 MEDIUM
6.5 Sep 21

Hydra is the layer-two scalability solution for Cardano. Rated medium severity (CVSS 6.5), this vulnerability is remotel

CVE-2024-32657 MEDIUM
5.4 Apr 22

Hydra is a Continuous Integration service for Nix based projects. Rated medium severity (CVSS 5.4), this vulnerability i

CVE-2020-5300 MEDIUM
5.3 Apr 06

In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17,

CVE-2025-32435 LOW
2.6 Apr 15

Hydra is a Continuous Integration service for Nix based projects. Rated low severity (CVSS 2.6), this vulnerability is r

CVE-2025-54864 MEDIUM
6.9 Aug 12

Hydra is a continuous integration service for Nix based projects. Rated medium severity (CVSS 6.9), this vulnerability i

CVE-2025-54800 HIGH
7.1 Aug 12

Hydra is a continuous integration service for Nix based projects. Rated high severity (CVSS 7.1), this vulnerability is

Share

CVE-2023-38701 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy