Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-29072

An integer overflow in Nethermind Juno before v.12.05 within the Sierra bytecode decompression logic within the "cairo-lang-starknet-classes" library could allow remote attackers to trigger an infinite loop (and high CPU usage) by submitting a malicious Declare v2/v3 transaction. This results in a denial-of-service condition for affected Starknet full-node implementations.

Published

2025-03-27T16:15:30.903

Last Modified

2025-04-11T17:20:02.963

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nethermind	juno	< 0.12.5	Yes

References

https://community.starknet.io/t/starknet-security-update-potential-full-node-vulnerability-recap/115314 Third Party Advisory ([email protected])
https://github.com/NethermindEth/juno/commit/51074875941aa111c5dd2b41f2ec890a4a15b587 Patch ([email protected])