fisco-bcos CVE Vulnerabilities & Metrics

Focus on fisco-bcos vulnerabilities and metrics.

Last updated: 27 Apr 2025, 22:25 UTC

About fisco-bcos Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with fisco-bcos. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total fisco-bcos CVEs: 6
Earliest CVE date: 24 Jun 2021, 00:15 UTC
Latest CVE date: 06 Apr 2025, 03:15 UTC

Latest CVE reference: CVE-2024-58131

Rolling Stats

30-day Count (Rolling): 1
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical fisco-bcos CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.17

Max CVSS: 5.0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	1
4.0-6.9	5
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS fisco-bcos CVEs

These are the five CVEs with the highest CVSS scores for fisco-bcos, sorted by severity first and recency.

CVE-2022-28937 fisco-bcos Published on 15 May 2022, 16:15 UTC (CVSS: 5.0)
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and processing new clients' requests.
CVE-2022-28936 fisco-bcos Published on 15 May 2022, 16:15 UTC (CVSS: 5.0)
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message packet.
CVE-2022-26534 fisco-bcos Published on 17 Mar 2022, 00:15 UTC (CVSS: 5.0)
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via a malicious viewchange packet, will cause normal nodes to change view excessively and stop generating blocks.
CVE-2021-46359 fisco-bcos Published on 07 Feb 2022, 13:15 UTC (CVSS: 5.0)
FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks.
CVE-2021-35041 fisco-bcos Published on 24 Jun 2021, 00:15 UTC (CVSS: 5.0)
The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainably and crash. More details are shown at: https://github.com/FISCO-BCOS/FISCO-BCOS/issues/1951

All CVEs for fisco-bcos

CVE-2024-58131 fisco-bcos vulnerability CVSS: 0 06 Apr 2025, 03:15 UTC

FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time value) joins a blockchain network.

CVE-2022-28937 fisco-bcos vulnerability CVSS: 5.0 15 May 2022, 16:15 UTC

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and processing new clients' requests.

CVE-2022-28936 fisco-bcos vulnerability CVSS: 5.0 15 May 2022, 16:15 UTC

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message packet.

CVE-2022-26534 fisco-bcos vulnerability CVSS: 5.0 17 Mar 2022, 00:15 UTC

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via a malicious viewchange packet, will cause normal nodes to change view excessively and stop generating blocks.

CVE-2021-46359 fisco-bcos vulnerability CVSS: 5.0 07 Feb 2022, 13:15 UTC

FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks.

CVE-2021-35041 fisco-bcos vulnerability CVSS: 5.0 24 Jun 2021, 00:15 UTC

The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainably and crash. More details are shown at: https://github.com/FISCO-BCOS/FISCO-BCOS/issues/1951