High severity · NVD Advisory · Published Mar 27, 2025 · Updated Mar 28, 2025
CVE-2025-29072
Description
An integer overflow in Nethermind Juno before v.12.05 within the Sierra bytecode decompression logic within the "cairo-lang-starknet-classes" library could allow remote attackers to trigger an infinite loop (and high CPU usage) by submitting a malicious Declare v2/v3 transaction. This results in a denial-of-service condition for affected Starknet full-node implementations.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/NethermindEth/juno (Go) | < 0.12.5 | 0.12.5 |
Affected products
- Nethermind/Juno (description)
- ghsa-coords (2 versions)
  - pkg:golang/github.com/nethermindeth/juno (no CPE), range: < 0.12.5
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed (no CPE), range: < 0.0.20250402T160203-1.1
References
- github.com/advisories/GHSA-wq32-8rp4-w2mc (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-29072 (ghsa, ADVISORY)
- community.starknet.io/t/starknet-security-update-potential-full-node-vulnerability-recap/115314 (ghsa, WEB)
- github.com/NethermindEth/juno/commit/51074875941aa111c5dd2b41f2ec890a4a15b587 (ghsa, WEB)
- github.com/NethermindEth/juno/commit/b9fe28df6a4339a66f91bff723c61dc063f9ed50 (ghsa, WEB)