
CVE-2025-29072:
Nethermind Juno Potential Denial of Service (DoS) via Integer Overflow

CVSS Score (v3.1): 7.5

Basic Information

EPSS Score: 0.37505%
Published: 3/27/2025
Updated: 3/28/2025
KEV Status: No
Technology: Go

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| github.com/NethermindEth/juno | go | < 0.12.5 | 0.12.5 |

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The core vulnerability manifests in two layers:

  1. The CasmContractClass::from_contract_class function (from cairo-lang-starknet-classes) contains integer operations vulnerable to overflow when compiled without overflow-checks=true. This is evidenced by Juno adding 'overflow-checks = true' in their Cargo.toml.
  2. Before the patch, the compileSierraToCasm function in Juno's FFI layer invoked this vulnerable method directly, with maximum usize values (usize::MAX) and no panic handling, as shown by the panic::catch_unwind added in the diff. This function processes raw transaction input, making it the exploitation entry point. Runtime detection would observe both functions in stack traces during attack payload processing: first the Go/C boundary through compileSierraToCasm, then the decompression logic in from_contract_class.
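
The two mitigations named above (overflow checks and catching the panic at the FFI boundary) can be seen in a small added example. It is not code from Juno or cairo-lang-starknet-classes; the function names and the length-prefixed cursor arithmetic are assumptions chosen to show the failure class.

```rust
use std::panic;

// Constructed illustration; these helpers are hypothetical and are NOT the
// cairo-lang-starknet-classes or Juno code.

// What `pos + len` does in a release build without overflow checks: it wraps.
fn end_offset_wrapping(pos: usize, len: usize) -> usize {
    pos.wrapping_add(len)
}

// What `pos + len` does with `overflow-checks = true`: it panics on overflow.
fn end_offset_panicking(pos: usize, len: usize) -> usize {
    pos.checked_add(len).expect("attempt to add with overflow")
}

// Explicit validation: overflow and out-of-range lengths become errors.
fn end_offset_checked(pos: usize, len: usize, buf_len: usize) -> Result<usize, &'static str> {
    let end = pos.checked_add(len).ok_or("length overflows usize")?;
    if end > buf_len {
        return Err("length exceeds input");
    }
    Ok(end)
}

// FFI-style entry point (hypothetical name). A panic must not unwind into the
// Go/C caller, so it is caught and mapped to an error code.
pub extern "C" fn compile_guarded(pos: usize, len: usize) -> i32 {
    match panic::catch_unwind(move || end_offset_panicking(pos, len)) {
        Ok(_) => 0,
        Err(_) => -1,
    }
}

fn main() {
    // The wrapped result lands before the cursor, so a loop that expects the
    // cursor to advance would stop making forward progress.
    println!("wrapping: {}", end_offset_wrapping(16, usize::MAX));
    println!("checked:  {:?}", end_offset_checked(16, usize::MAX, 1024));
    println!("guarded:  {}", compile_guarded(16, usize::MAX));
}
```

Enabling overflow checks alone turns silent wraparound into a panic; the catch at the boundary is what keeps that panic from taking down the calling process.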


WAF Protection Rules

WAF Rule

An integer overflow in Nethermind Juno before v0.12.5 within the Sierra bytecode decompression logic within the "cairo-lang-starknet-classes" library could allow remote attackers to trigger an infinite loop (and high CPU usage) by submitting a malici
