CVE-2024-22410

Name of the Vulnerable Software and Affected Versions Creditcoin (affected versions not specified)

Description The issue concerns the Windows binary of the Creditcoin node, which loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory, it is possible to replace these DLLs and execute arbitrary code. The vulnerable DLL files are from the Windows networking subsystem, the Visual C++ runtime, and low-level cryptographic primitives. The blockchain development team views the threat posed by a hypothetical binary planting attack as minimal and represents a low-security risk. The team also states that running Creditcoin on Windows is officially unsupported and should be thought of as experimental.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.