resolved
WASI sandbox escape via symlink
Bug reported by Jesse Wilson was disclosed at May 24, 2025, 10:33 am | Privilege Escalation
A WASI + WASM program was discovered to be able to use `path_symlink` to read arbitrary files on the host machine by creating a symlink in a preopen to a different location on the local file system, thereby escaping the WASI sandbox.
resolved
Dynamic fee algorithm doesn't check for zero fee
Bug reported by sech1 was disclosed at May 23, 2025, 2:25 pm | Uncontrolled Resource Consumption
The dynamic fee algorithm in the Monero blockchain did not properly check for a zero fee, which could have allowed an attacker to flood the network with transactions at no cost, potentially leading to unlimited blockchain growth.
resolved
RPC service DOS
Bug reported by ptrstr was disclosed at May 23, 2025, 2:25 pm | Uncontrolled Resource Consumption
The RPC service running on port 18081 (or 28081, 38081) was vulnerable to a denial-of-service attack due to a loop iterating until the maximum range of a 64-bit unsigned integer. The vulnerability was present in all versions after the commit b030f207517f59a5122409398549a02ac23829ae, up to and including version 0.18.3.1.
![[Image: e72398fe92beda2aa80d0329e8b9f4febece7568.gif]](https://64.media.tumblr.com/834502d05f9b014cbc37366fe428a5a7/13cb9841c0799d7a-ff/s500x560/e72398fe92beda2aa80d0329e8b9f4febece7568.gif)
