Description

An integer overflow in Nethermind Juno before v.12.05 within the Sierra bytecode decompression logic within the "cairo-lang-starknet-classes" library could allow remote attackers to trigger an infinite loop (and high CPU usage) by submitting a malicious Declare v2/v3 transaction. This results in a denial-of-service condition for affected Starknet full-node implementations.

INFO

Published Date :

2025-03-27T00:00:00.000Z

Last Modified :

2025-03-28T15:16:08.128Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-29072 vulnerability.

Vendors Products
Nethermind
  • Juno
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-29072.

URL Resource
https://community.starknet.io/t/starknet-security-update-potential-full-node-vulnerability-recap/115314 cve-icon cve-icon
https://github.com/NethermindEth/juno/commit/51074875941aa111c5dd2b41f2ec890a4a15b587 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact