CVE-2024-58132
📋 TL;DR
A race condition vulnerability in chainmaker-go (ChainMaker) allows concurrent read/write operations on a map when multiple configuration updates occur on a single node, causing other nodes to panic and crash. This affects all ChainMaker blockchain network participants running vulnerable versions. The vulnerability can disrupt network consensus and availability.
💻 Affected Systems
- chainmaker-go
- ChainMaker
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete network disruption as multiple nodes panic and crash simultaneously, halting blockchain operations and causing denial of service across the entire network.
Likely Case
Intermittent node crashes during configuration changes, causing temporary network instability and potential transaction processing delays.
If Mitigated
Isolated node crashes that don't propagate across the network, with automated recovery mechanisms restoring normal operations.
🎯 Exploit Status
Exploitation requires ability to trigger multiple configuration updates on a node, which typically requires administrative or authorized access. The race condition is triggered by legitimate operations rather than malicious payloads.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.3.6
Vendor Advisory: https://git.chainmaker.org.cn/chainmaker/issue/-/issues/1202
Restart Required: Yes
Instructions:
1. Stop all chainmaker-go services.
2. Backup configuration and data.
3. Upgrade to version 2.3.6 or later.
4. Restart services.
5. Verify network connectivity and consensus.
🔧 Temporary Workarounds
Rate limit configuration updates
Implement rate limiting on configuration update operations to prevent multiple concurrent updates.
# Configure rate limiting in chainmaker configuration file
# Set max_config_updates_per_minute to 1 or lower
Configuration update serialization
Implement a queueing mechanism to serialize configuration update operations.
# Implement configuration update queue in management scripts
# Ensure only one update operation processes at a time
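The serialization idea above, as an added Go sketch that is not chainmaker-go's code or its 2.3.6 fix: a write lock lets only one update touch the map at a time, and readers iterate a copy taken under the read lock. `ConfigStore`, `Apply`, `Snapshot` and `RunConcurrent` are hypothetical names and the keys are constructed sample data.

```go
package main

import (
	"fmt"
	"sync"
)

// ConfigStore is a hypothetical stand-in for a node's in-memory chain
// configuration map; it is not a chainmaker-go type.
type ConfigStore struct {
	mu   sync.RWMutex
	data map[string]string
}

// Apply merges one update under the write lock, so updates are serialized.
func (s *ConfigStore) Apply(update map[string]string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	for k, v := range update {
		s.data[k] = v
	}
}

// Snapshot copies the map under the read lock; callers iterate the copy.
func (s *ConfigStore) Snapshot() map[string]string {
	s.mu.RLock()
	defer s.mu.RUnlock()
	out := make(map[string]string, len(s.data))
	for k, v := range s.data {
		out[k] = v
	}
	return out
}

// RunConcurrent starts n writers and n readers at once and returns the number
// of keys stored. On an unguarded map the Go runtime can abort this workload
// with "fatal error: concurrent map read and map write".
func RunConcurrent(n int) int {
	s := &ConfigStore{data: make(map[string]string)}
	var wg sync.WaitGroup
	for i := 0; i < n; i++ {
		wg.Add(2)
		go func(i int) { defer wg.Done(); s.Apply(map[string]string{fmt.Sprintf("k%d", i): "constructed"}) }(i)
		go func() { defer wg.Done(); _ = s.Snapshot() }()
	}
	wg.Wait()
	return len(s.Snapshot())
}

func main() { fmt.Println(RunConcurrent(100)) }
```

Running the same workload under `go run -race` is a quick way to confirm that no unguarded access to the map remains.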
🧯 If You Can't Patch
- Implement strict change control procedures for configuration updates with mandatory waiting periods between changes
- Deploy redundant nodes with staggered configuration update schedules to maintain network availability during potential crashes
🔍 How to Verify
Check if Vulnerable:
Check the chainmaker-go version with: ./chainmaker version | grep Version. If the version is earlier than 2.3.6, the system is vulnerable.
Check Version:
./chainmaker version | grep Version
Verify Fix Applied:
After upgrade, verify version is 2.3.6 or later and monitor logs for absence of 'panic' and 'concurrent map read/write' errors during configuration updates.
📡 Detection & Monitoring
Log Indicators:
- fatal error: concurrent map read and map write
- panic: runtime error: concurrent map iteration and map write
- node crash during configuration update
Network Indicators:
- Sudden loss of node connectivity during configuration changes
- Increased network retry attempts from other nodes
SIEM Query:
source="chainmaker.log" AND ("panic" OR "concurrent map" OR "fatal error")