Monero


reports in last 90 days

24 disclosed resolved issues

0 disclosed informative issues

0 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| No rating | Excessive Resource Usage | Denial of Service | talko | Time to triage: 0 Days and 13 hours; Time to close: 73 Days and 1 hours | Resolved |
| High | CryptoNote: remote node DoS | Denial of Service | anonimal | Time to triage: 0 Days and 18 hours; Time to close: 116 Days and 1 hours | Resolved |
| Medium | DoS for remote nodes using Slow Loris attack | Denial of Service | sobhraj_charles | Time to triage: 1 Days and 6 hours; Time to close: 0 Days and 0 hours | Resolved |
| High | Unauthorized access of Monero wallet by an unprivileged process | Improper Access Control - Generic | thanhb | Time to triage: 32 Days and 0 hours; Time to close: 48 Days and 8 hours | Resolved |
| Medium | RingCT malformed tx prevents target from being able to sweep balance | Business Logic Errors | organdonor1 | Time to triage: 1 Days and 0 hours; Time to close: 13 Days and 1 hours | Resolved |
| Low | Potential use-after-free due to struct array_entry_t lacking an explicit copy constructor | Use After Free | guido | Time to triage: 0 Days and 6 hours; Time to close: 23 Days and 20 hours | Resolved |
| No rating | Stack Overflow in JSON RPC Server | Stack Overflow | talko | Time to triage: 0 Days and 10 hours; Time to close: 54 Days and 0 hours | Resolved |
| High | Malicious get_random_rct_outs.bin rpc can cause a near-infinite loop | Denial of Service | ahook | Time to triage: 7 Days and 0 hours; Time to close: 44 Days and 2 hours | Resolved |
| Critical | Constant-time comparison is not always implemented; critical areas are vulnerable to key-timing attacks | Missing Required Cryptographic Step | anonimal | Time to triage: 2 Days and 13 hours; Time to close: 45 Days and 12 hours | Resolved |
| High | forum.getmonero.org Shell upload | Code Injection | kaulse | Time to triage: 2 Days and 11 hours; Time to close: 59 Days and 9 hours | Resolved |
| High | Attacker can trick monero wallet into reporting it received twice as much with alternative tx_keypubs | Business Logic Errors | phiren | Time to triage: 0 Days and 12 hours; Time to close: 18 Days and 21 hours | Resolved |
| Critical | A bug in the Monero wallet balance can enable theft from exchanges | Business Logic Errors | jagerman | Time to triage: 0 Days and 4 hours; Time to close: 21 Days and 13 hours | Resolved |
| Medium | monerod can be disabled by a well-timed TCP reset packet | Denial of Service | ahook | Time to triage: 3 Days and 8 hours; Time to close: 44 Days and 13 hours | Resolved |
| Low | epee will accept an arbitrary amount of leading line-breaks in an http request | Denial of Service | ahook | Time to triage: 0 Days and 20 hours; Time to close: 87 Days and 10 hours | Resolved |
| High | Misreporting of received amount by show_transfers | Business Logic Errors | moneromooo | Time to triage: 0 Days and 13 hours; Time to close: 44 Days and 13 hours | Resolved |
| Low | Trusted daemon check fails when proxied through torsocks or proxychains | Privacy Violation | equim | Time to triage: 1 Days and 22 hours; Time to close: 31 Days and 0 hours | Resolved |
| Low | Buffer out of bound read in miniupnpc xml parser | Buffer Over-read | yukichen | Time to triage: 0 Days and 13 hours; Time to close: 6 Days and 6 hours | Resolved |
| Low | Out-of-bounds read when importing corrupt blockchain with monero-blockchain-import | Out-of-bounds Read | ovrflow | Issue was not triaged; Time to close: 5 Days and 21 hours | Resolved |
| No rating | TabNabbing issue (due to target=_blank) | None supplied | ursa | Issue was not triaged; Time to close: 12 Days and 15 hours | Resolved |
| None | Monero Website & Kovri on your policy are returning 404 not found. | Business Logic Errors | axolotl | Issue was not triaged; Time to close: 0 Days and 2 hours | Resolved |
| Medium | Corrupt RPC responses from remote daemon nodes can lead to transaction tracing | Privacy Violation | monero-hax123 | Time to triage: 30 Days and 3 hours; Time to close: 29 Days and 15 hours | Resolved |
| No rating | Monero GUI not linked with /DYNAMICBASE or hardening on windows, no ASLR | None supplied | flxflndy_ | Time to triage: 4 Days and 3 hours; Time to close: 11 Days and 16 hours | Resolved |
| Low | remote access to localhost daemon, can issue jsonrpc commands | Cross-Site Request Forgery (CSRF) | bugbound | Time to triage: 36 Days and 0 hours; Time to close: 7 Days and 1 hours | Resolved |
| High | Kovri: potential buffer over-read in garlic clove handling + I2NP message creation | Information Disclosure | aerodudrizzt | Issue was not triaged; Time to close: 10 Days and 12 hours | Resolved |