{"url":"http://public2.vulnerablecode.io/api/packages/38382?format=json","purl":"pkg:cargo/soroban-sdk@23.0.0","type":"cargo","namespace":"","name":"soroban-sdk","version":"23.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"23.5.1","latest_non_vulnerable_version":"25.0.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83025?format=json","vulnerability_id":"VCID-83bh-83ts-pfbj","summary":"soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the `Bytes::slice`, `Vec::slice`, and `Prng::gen_range` (for `u64`) methods in the `soroban-sdk` in versions up to and including `25.0.1`, `23.5.1`, and `25.0.2`. Contracts that pass user-controlled or computed range bounds to `Bytes::slice`, `Vec::slice`, or `Prng::gen_range` may silently operate on incorrect data ranges or generate random numbers from an unintended range, potentially resulting in corrupted contract state. Note that the best practice when using the `soroban-sdk` and building Soroban contracts is to always enable `overflow-checks = true`. The `stellar contract init` tool that prepares the boiler plate for a Soroban contract, as well as all examples and docs, encourage the use of configuring `overflow-checks = true` on `release` profiles so that these arithmetic operations fail rather than silently wrap. Contracts are only impacted if they use `overflow-checks = false` either explicitly or implicitly. It is anticipated the majority of contracts could not be impacted because the best practice encouraged by tooling is to enable `overflow-checks`. The fix available in `25.0.1`, `23.5.1`, and `25.0.2` replaces bare arithmetic with `checked_add` / `checked_sub`, ensuring overflow traps regardless of the `overflow-checks` profile setting. As a workaround, contract workspaces can be configured with a profile available in the GitHub Securtity Advisory to enable overflow checks on the arithmetic operations. This is the best practice when developing Soroban contracts, and the default if using the contract boilerplate generated using `stellar contract init`. Alternatively, contracts can validate range bounds before passing them to `slice` or `gen_range` to ensure the conversions cannot overflow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24889","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06457","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24889"},{"reference_url":"https://github.com/stellar/rs-soroban-sdk","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/stellar/rs-soroban-sdk"},{"reference_url":"https://github.com/stellar/rs-soroban-sdk/pull/1703","reference_id":"1703","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:01:43Z/"}],"url":"https://github.com/stellar/rs-soroban-sdk/pull/1703"},{"reference_url":"https://github.com/stellar/rs-soroban-sdk/commit/3890521426d71bb4d892b21f5a283a1e836cfa38","reference_id":"3890521426d71bb4d892b21f5a283a1e836cfa38","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:01:43Z/"}],"url":"https://github.com/stellar/rs-soroban-sdk/commit/3890521426d71bb4d892b21f5a283a1e836cfa38"},{"reference_url":"https://github.com/stellar/rs-soroban-sdk/commit/59fcef437260ed4da42d1efb357137a5c166c02e","reference_id":"59fcef437260ed4da42d1efb357137a5c166c02e","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:01:43Z/"}],"url":"https://github.com/stellar/rs-soroban-sdk/commit/59fcef437260ed4da42d1efb357137a5c166c02e"},{"reference_url":"https://github.com/stellar/rs-soroban-sdk/commit/c2757c6d774dbb28b34a0b77ffe282e59f0f8462","reference_id":"c2757c6d774dbb28b34a0b77ffe282e59f0f8462","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:01:43Z/"}],"url":"https://github.com/stellar/rs-soroban-sdk/commit/c2757c6d774dbb28b34a0b77ffe282e59f0f8462"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24889","reference_id":"CVE-2026-24889","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24889"},{"reference_url":"https://github.com/advisories/GHSA-96xm-fv9w-pf3f","reference_id":"GHSA-96xm-fv9w-pf3f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-96xm-fv9w-pf3f"},{"reference_url":"https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-96xm-fv9w-pf3f","reference_id":"GHSA-96xm-fv9w-pf3f","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:01:43Z/"}],"url":"https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-96xm-fv9w-pf3f"},{"reference_url":"https://github.com/stellar/rs-soroban-sdk/releases/tag/v22.0.9","reference_id":"v22.0.9","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:01:43Z/"}],"url":"https://github.com/stellar/rs-soroban-sdk/releases/tag/v22.0.9"},{"reference_url":"https://github.com/stellar/rs-soroban-sdk/releases/tag/v23.5.1","reference_id":"v23.5.1","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:01:43Z/"}],"url":"https://github.com/stellar/rs-soroban-sdk/releases/tag/v23.5.1"},{"reference_url":"https://github.com/stellar/rs-soroban-sdk/releases/tag/v25.0.2","reference_id":"v25.0.2","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:01:43Z/"}],"url":"https://github.com/stellar/rs-soroban-sdk/releases/tag/v25.0.2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38383?format=json","purl":"pkg:cargo/soroban-sdk@23.5.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/soroban-sdk@23.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/38390?format=json","purl":"pkg:cargo/soroban-sdk@25.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/soroban-sdk@25.0.2"}],"aliases":["CVE-2026-24889","GHSA-96xm-fv9w-pf3f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-83bh-83ts-pfbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77165?format=json","vulnerability_id":"VCID-dqfm-y9nr-v3h5","summary":"soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, The Fr (scalar field) types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused mathematically equal field elements to compare as not-equal when one or both values were unreduced (i.e., >= r). The vulnerability requires an attacker to supply crafted Fr values through contract inputs, and compare them directly without going through host-side arithmetic operations. Smart contracts that rely on Fr equality checks for security-critical logic could produce incorrect results. The impact depends on how the affected contract uses Fr equality comparisons, but can result in incorrect authorization decisions or validation bypasses in contracts that perform equality checks on user-supplied scalar values. This vulnerability is fixed in 22.0.11, 23.5.3, and 25.3.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32322","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04424","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32322"},{"reference_url":"https://github.com/stellar/rs-soroban-sdk","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/stellar/rs-soroban-sdk"},{"reference_url":"https://github.com/stellar/rs-soroban-sdk/commit/082424b30bf22ea7fb8c79f16ccd135e0ae9f3db","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/stellar/rs-soroban-sdk/commit/082424b30bf22ea7fb8c79f16ccd135e0ae9f3db"},{"reference_url":"https://github.com/stellar/rs-soroban-sdk/pull/1750","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/stellar/rs-soroban-sdk/pull/1750"},{"reference_url":"https://github.com/stellar/rs-soroban-sdk/releases/tag/v22.0.11","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/stellar/rs-soroban-sdk/releases/tag/v22.0.11"},{"reference_url":"https://github.com/stellar/rs-soroban-sdk/releases/tag/v23.5.3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/stellar/rs-soroban-sdk/releases/tag/v23.5.3"},{"reference_url":"https://github.com/stellar/rs-soroban-sdk/releases/tag/v25.3.0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/stellar/rs-soroban-sdk/releases/tag/v25.3.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32322","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32322"},{"reference_url":"https://github.com/advisories/GHSA-x2hw-px52-wp4m","reference_id":"GHSA-x2hw-px52-wp4m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x2hw-px52-wp4m"},{"reference_url":"https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-x2hw-px52-wp4m","reference_id":"GHSA-x2hw-px52-wp4m","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T14:59:43Z/"}],"url":"https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-x2hw-px52-wp4m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1086704?format=json","purl":"pkg:cargo/soroban-sdk@23.5.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/soroban-sdk@23.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/1086705?format=json","purl":"pkg:cargo/soroban-sdk@25.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/soroban-sdk@25.3.0"}],"aliases":["CVE-2026-32322","GHSA-x2hw-px52-wp4m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dqfm-y9nr-v3h5"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/soroban-sdk@23.0.0"}