PT-2023-24605 · Multiversx · Mx-Chain-Go

Iulianpascalau · Published 2023-05-31 · Updated 2024-08-20 · CVE-2023-33964

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

mx-chain-go versions prior to 1.4.16

Description

The metachain cannot process a cross-shard miniblock: an invalid transaction with the wrong username is not handled correctly by the metachain transaction processor. This is a processing issue that could have occurred on the MultiversX chain. Had such an error occurred, the metachain would have stopped notarizing blocks from the shard chains, and notarization could resume only after a patched binary version was applied. The patch introduces processIfTxErrorCrossShard for the metachain transaction processor.

Recommendations

For versions prior to 1.4.16, update to version 1.4.16 or later, which includes the patch introducing processIfTxErrorCrossShard for the metachain transaction processor. As a temporary workaround, consider disabling the metachain transaction processor until a patched binary version is applied.

Related Identifiers

CVE-2023-33964
GHSA-7XPV-4PM9-XCH2
GO-2023-1806

Affected Products

Mx-Chain-Go