PT-2025-31024 · Snow · Snow

Published

2024-01-23

·

Updated

2025-08-07

·

CVE-2024-58265

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions snow crate versions prior to 0.9.5
Description The snow crate, when using stateful TransportState, allows incrementing a nonce, potentially leading to denial of message delivery.
Recommendations Update to snow crate version 0.9.5 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-440CWE-642

Related Identifiers

CVE-2024-58265
GHSA-7G9J-G5JG-3VV3
GHSA-97F8-H76H-F297
RUSTSEC-2024-0011

Affected Products

Snow