Posted by Agent Spooky’s Fun Parade via Fulldisclosure on Feb 16
1. SUMMARY
Two independently confirmed vulnerabilities in Jump Crypto’s Firedancer
Solana validator (https://github.com/firedancer-io/firedancer, commit
7cd3b6dce):
A) Three undefined behavior / logic bugs in QUIC transport parameter
processing, triggerable by a malicious QUIC server with zero
authentication. Enables remote connection kill or hang.
B) Incorrect Rust saturating cast emulation that returns ULONG_MAX…
– Read More – Full Disclosure
