Monero HTTP Server Connection Response Limit Vulnerability

Vulnerability

Monero versions through 0.18.3.4, prior to commit ec74ff4, ship an HTTP server that does not limit how much response data it will hold for a single client connection. A client can keep sending requests on one connection without ever reading the replies; the server answers each request and buffers the unread output, so the memory held on behalf of that connection grows with every request it sends. A client that does this deliberately can disrupt the service or degrade its performance.

Impact

A remote client can exploit this to cause a denial of service: the responses it never reads accumulate in server memory, driving up resource consumption and degrading the node's performance for its other users for as long as the undrained connections are kept open.

Reproduction

To reproduce, open one or more connections to the HTTP server and send many requests on each without reading the responses, so that the server's unsent output for those connections keeps growing. A raw-socket script that writes pipelined requests and never calls recv shows the effect most directly. Higher-level tools such as a Python script using the 'requests' library or 'curl' run in parallel can also be used, but they consume responses as they arrive, so with them the effect depends on driving enough concurrent requests that the server produces output faster than the clients drain it. Watch the server process's memory use while the test runs.
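The server-side behaviour that this reproduction relies on, as an added example that is not Monero's code: a small model of an HTTP/1.1 server connection fed by a client that pipelines requests and never reads the replies. The unbounded variant queues every response, which is the behaviour the advisory describes; the capped variant refuses to queue beyond MAX_PENDING_RESPONSE_BYTES, a hypothetical limit chosen here, and drops the connection instead. The request and reply bytes are constructed for the example, not captured traffic.

```python
"""Per-connection response buffering, unbounded vs. capped.

Added example, not Monero's code. Models one HTTP/1.1 server connection whose
client pipelines requests and never reads the responses.
"""
from dataclasses import dataclass, field
from typing import Callable, Optional

MAX_PENDING_RESPONSE_BYTES = 64 * 1024  # hypothetical cap, tune per deployment

# Constructed sample traffic: a JSON-RPC probe and a padded reply.
PROBE_BODY = b'{"jsonrpc":"2.0","id":"0","method":"get_version"}'
REPLY_BODY = b'{"jsonrpc":"2.0","id":"0","result":"' + b"A" * 4000 + b'"}'


def probe_request() -> bytes:
    """One pipelineable HTTP/1.1 request (constructed, not captured)."""
    return (b"POST /json_rpc HTTP/1.1\r\nHost: 127.0.0.1:18081\r\n"
            b"Content-Type: application/json\r\n"
            b"Content-Length: " + str(len(PROBE_BODY)).encode() + b"\r\n\r\n" + PROBE_BODY)


def build_response(body: bytes) -> bytes:
    return (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


def parse_pipelined_requests(stream: bytes):
    """Split a byte stream into complete requests (method, target, body) and
    return them with the leftover bytes of any request still in flight."""
    requests = []
    while True:
        end = stream.find(b"\r\n\r\n")
        if end == -1:
            break
        lines = stream[:end].split(b"\r\n")
        method, target, _version = lines[0].split(b" ", 2)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower()] = value.strip()
        total = end + 4 + int(headers.get(b"content-length", b"0"))
        if len(stream) < total:
            break  # body has not fully arrived yet
        requests.append((method.decode(), target.decode(), stream[end + 4:total]))
        stream = stream[total:]
    return requests, stream


@dataclass
class Connection:
    """Server-side view of one client connection."""
    max_pending: Optional[int]                 # None reproduces the unbounded behaviour
    handler: Callable[[str, str, bytes], bytes]
    pending: bytearray = field(default_factory=bytearray)  # response bytes not yet read
    unread: bytes = b""                        # partial request not yet parsed
    closed: bool = False

    def on_data(self, data: bytes) -> None:
        """Bytes arrived from the client; parse and answer each complete request."""
        if self.closed:
            return
        requests, self.unread = parse_pipelined_requests(self.unread + data)
        for method, target, body in requests:
            response = build_response(self.handler(method, target, body))
            if (self.max_pending is not None
                    and len(self.pending) + len(response) > self.max_pending):
                # The peer is not draining its responses: drop it and free the
                # queue instead of buffering on its behalf without bound.
                self.pending.clear()
                self.closed = True
                return
            self.pending += response

    def on_client_read(self, n: int) -> None:
        """The client consumed n response bytes, freeing buffer space."""
        del self.pending[:n]


def canned_handler(method: str, target: str, body: bytes) -> bytes:
    return REPLY_BODY


def run_client(max_pending: Optional[int], n_requests: int, drain: bool):
    """Drive one connection. drain=False pipelines every request in one write
    and never reads; drain=True reads each reply before sending the next
    request, as a well-behaved client does. Returns (pending_bytes, closed)."""
    conn = Connection(max_pending, canned_handler)
    request = probe_request()
    if drain:
        for _ in range(n_requests):
            conn.on_data(request)
            conn.on_client_read(len(conn.pending))
    else:
        conn.on_data(request * n_requests)
    return len(conn.pending), conn.closed


if __name__ == "__main__":
    for cap in (None, MAX_PENDING_RESPONSE_BYTES):
        for drain in (False, True):
            pending, closed = run_client(cap, 1000, drain)
            print(f"cap={cap} drain={drain}: pending={pending} closed={closed}")
```

With no cap and a client that never reads, the queue holds all 1000 replies (roughly 4 MB for this reply size) for as long as the connection stays open; with the cap, the connection is closed as soon as the sixteenth reply would push the queue past 64 KiB, while a client that drains each reply is never affected. A real fix sits at the transport layer (the unsent-bytes count of the socket) rather than in a parser, but the check is the same: stop answering a peer that is not reading.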

Remediation

Upgrade to a Monero release that includes commit ec74ff4. Version 0.18.3.4 itself is affected; only builds that carry that commit (releases after 0.18.3.4, or a build from a source tree that contains it) have the fix.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 2.5
exploitability: 9.3
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.