CVE-2022-26534: The nodes change view frequently and stop generating blocks. · Issue #2211 · FISCO-BCOS/FISCO-BCOS

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via a malicious viewchange packet, will cause normal nodes to change view excessively and stop generating blocks.


Describe the bug
I start a chain with 4 nodes; one of the nodes is a malicious one. It will change the value of some fields of a message. After starting the group, I started the stress testing program, and the program got stuck. The log shows that the nodes stop producing new blocks and keep changing views.

To Reproduce
Steps to reproduce the behavior:

  1. Start a chain with 4 nodes;
  2. Start the stress testing program;
  3. The error occurs

Expected behavior
Nodes produce the blocks normally.

Screenshots
The stress testing program got stuck here (2% of the transactions are received).

Environment (please complete the following information):

  • OS: Ubuntu 20.04
  • FISCO BCOS Version 3.0.0-rc2 (master branch)

Additional context
The log files:
nodes_logs_0301.zip
