CVE-2023-42374

9.8 CRITICAL

📋 TL;DR

A critical vulnerability in Sui Blockchain nodes before version 1.6.3 allows remote attackers to execute arbitrary code and cause denial of service by sending specially crafted compressed scripts. This affects all Sui node operators running vulnerable versions, potentially compromising blockchain network integrity.

💻 Affected Systems

Products:
  • Sui Blockchain Node
Versions: All versions before 1.6.3
Operating Systems: Any OS running Sui node
Default Config Vulnerable: ⚠️ Yes
Notes: All Sui nodes with network exposure are vulnerable by default configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete node compromise leading to arbitrary code execution, data theft, network disruption, and potential chain manipulation.

🟠 Likely Case: Denial of service causing node crashes and network instability, with possible remote code execution in targeted attacks.

🟢 If Mitigated: Minimal impact if patched promptly; unpatched nodes remain vulnerable to crashes and potential compromise.

🌐 Internet-Facing: HIGH - Remote attackers can exploit this without authentication via network-accessible Sui nodes.
🏢 Internal Only: MEDIUM - Internal attackers could exploit if they have network access to vulnerable nodes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires sending crafted compressed scripts to vulnerable nodes; no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.6.3 and later

Vendor Advisory: https://github.com/MystenLabs/sui/commit/42d4ad103a21d23fecd7c0271453da41604e71e9

Restart Required: Yes

Instructions:

1. Stop the Sui node service.
2. Update to Sui v1.6.3 or later using your package manager or a source build.
3. Restart the Sui node service.
4. Verify that the running version is 1.6.3 or later.

🔧 Temporary Workarounds

Network Segmentation (linux)

Restrict network access to Sui nodes to trusted sources only (repeat the ACCEPT rule for each trusted source; rules are appended, so they take effect after any existing rules in the INPUT chain):

iptables -A INPUT -p tcp --dport <sui_port> -s <trusted_ip> -j ACCEPT
iptables -A INPUT -p tcp --dport <sui_port> -j DROP

🧯 If You Can't Patch

  • Implement strict network ACLs to limit node access to trusted IPs only
  • Deploy intrusion detection systems to monitor for suspicious compressed script patterns

🔍 How to Verify

Check if Vulnerable:

Check Sui node version; if below 1.6.3, system is vulnerable

Check Version:

sui --version

Verify Fix Applied:

Confirm Sui node version is 1.6.3 or higher and node operates normally
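As an added example, not taken from the advisory or from the Sui project, the following POSIX shell check parses the output of `sui --version` and compares it numerically against the fixed release 1.6.3. It assumes only that the version string contains a major.minor.patch triple; the exact format of `sui --version` output is not verified here.

```shell
#!/bin/sh
# Added example, not part of the advisory or the Sui project: decide from a
# `sui --version` string whether a node is below the fixed release 1.6.3.
# Assumption: the version string contains a major.minor.patch triple.
FIXED_VERSION="1.6.3"

# Print the first major.minor.patch triple found in $1 (nothing if absent).
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Map x.y.z to one integer so versions compare numerically, not as strings
# (so 1.10.0 sorts above 1.6.3). Assumes each component is below 1000.
version_key() {
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
}

# Succeed when version $1 is strictly lower than version $2.
version_lt() {
    [ "$(version_key "$1")" -lt "$(version_key "$2")" ]
}

# Print a verdict for a raw version string and return
# 0 = at/above 1.6.3, 1 = vulnerable (below 1.6.3), 2 = no version found.
classify_version() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "could not find an x.y.z version in: $1"
        return 2
    fi
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "sui $v is VULNERABLE to CVE-2023-42374 (fixed in $FIXED_VERSION)"
        return 1
    fi
    echo "sui $v is at or above $FIXED_VERSION"
    return 0
}

# Check the installed binary when one is on PATH; the exit status of
# classify_version is what a fleet-wide inventory script would record.
if command -v sui >/dev/null 2>&1; then
    classify_version "$(sui --version 2>&1)"
fi
```

The functions can also be sourced into an inventory script that feeds version strings collected from many nodes, since the verdict is carried in the return code as well as the printed line.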

📡 Detection & Monitoring

Log Indicators:

  • Node crash logs
  • Memory exhaustion errors
  • Unexpected decompression failures

Network Indicators:

  • Unusual compressed script traffic to Sui node ports
  • Spike in memory usage

SIEM Query:

source="sui.log" AND ("crash" OR "memory" OR "decompression")
