The vulnerability allowed an attacker to remotely lock monerod from syncing with the rest of the p2p network by forging a highly nested JSON payload and spamming it through a restricted RPC interface. The Epee JSON parser was found to allow duplicated fields and set a recursion limit that was too high, enabling the creation of a JSON RPC payload that caused CPU-intensive parsing operations. This vulnerability was discovered in the monerod master branch…Read More
Monero: Spamming highly nested JSON RPC requests cause node to disconnect from p2p network
