{"id":425339,"date":"2022-10-22T04:19:33","date_gmt":"2022-10-22T06:19:33","guid":{"rendered":"https:\/\/teknomers.com\/fr\/faille-critique-signalee-dans-move-virtual-machine-powering-the-aptos-blockchain-network\/"},"modified":"2022-10-22T04:19:35","modified_gmt":"2022-10-22T06:19:35","slug":"faille-critique-signalee-dans-move-virtual-machine-powering-the-aptos-blockchain-network","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/faille-critique-signalee-dans-move-virtual-machine-powering-the-aptos-blockchain-network\/","title":{"rendered":"Faille critique signal\u00e9e dans Move Virtual Machine Powering the Aptos Blockchain Network"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Les chercheurs ont r\u00e9v\u00e9l\u00e9 des d\u00e9tails sur une faille critique d\u00e9sormais corrig\u00e9e dans la machine virtuelle Move qui alimente le r\u00e9seau blockchain Aptos.<\/p>\n<p>La vuln\u00e9rabilit\u00e9 &#8220;peut provoquer le plantage des n\u0153uds Aptos et provoquer un d\u00e9ni de service&#8221;, a d\u00e9clar\u00e9 Numen Cyber \u200b\u200bLabs, bas\u00e9 \u00e0 Singapour. <a rel=\"nofollow noopener\" href=\"https:\/\/medium.com\/numen-cyber-labs\/analysis-of-the-first-critical-0-day-vulnerability-of-aptos-move-vm-8c1fd6c2b98e\" target=\"_blank\">a dit<\/a> dans un article technique publi\u00e9 plus t\u00f4t ce mois-ci.<\/p>\n<p>Aptos est un <a rel=\"nofollow noopener\" href=\"https:\/\/aptoslabs.medium.com\/aptos-autumn-is-here-92a8d904eb49\" target=\"_blank\">nouveau venu<\/a> \u00e0 l&#8217;espace blockchain, qui <a rel=\"nofollow noopener\" href=\"https:\/\/www.coindesk.com\/business\/2022\/10\/19\/aptos-token-opens-for-trading-after-blockchains-rocky-debut\/\" target=\"_blank\">lanc\u00e9<\/a> son <a rel=\"nofollow noopener\" href=\"https:\/\/academy.binance.com\/en\/glossary\/mainnet\" target=\"_blank\">r\u00e9seau principal<\/a> le 17 octobre 2022. Il a ses racines dans le syst\u00e8me de paiement Diem stablecoin propos\u00e9 par Meta (n\u00e9e Facebook), qui a \u00e9galement introduit un portefeuille num\u00e9rique de courte dur\u00e9e appel\u00e9 <a rel=\"nofollow noopener\" href=\"https:\/\/about.fb.com\/news\/2020\/05\/welcome-to-novi\/\" target=\"_blank\">Novi<\/a>.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/strike-d\" target=\"_blank\" title=\"DevOps backupy\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/La-nouvelle-vulnerabilite-Amazon-Ring-aurait-pu-exposer-tous-vos.png\" width=\"300\" height=\"250\" \/><\/a><\/div>\n<p>Le r\u00e9seau est construit \u00e0 l&#8217;aide d&#8217;un langage de programmation ind\u00e9pendant de la plate-forme connu sous le nom de <a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/move-language\/move\" target=\"_blank\">D\u00e9placer<\/a>un syst\u00e8me bas\u00e9 sur Rust <a rel=\"nofollow noopener\" href=\"https:\/\/developers.diem.com\/docs\/technical-papers\/move-paper\/\" target=\"_blank\">con\u00e7u<\/a> mettre en \u0153uvre et ex\u00e9cuter des contrats intelligents dans un environnement s\u00e9curis\u00e9 <a rel=\"nofollow noopener\" href=\"https:\/\/ethereum.org\/en\/developers\/docs\/evm\/\" target=\"_blank\">environnement d&#8217;ex\u00e9cution<\/a>\u00e9galement connu sous le nom de Move Virtual Machine (alias <a rel=\"nofollow noopener\" href=\"https:\/\/aptos.dev\/guides\/move-guides\/move-on-aptos\/\" target=\"_blank\">MoveVM<\/a>).<\/p>\n<div class=\"separator\" style=\"clear: both\"><img decoding=\"async\" alt=\"\" border=\"0\" data-original-height=\"241\" data-original-width=\"728\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/10\/1666419573_623_Faille-critique-signalee-dans-Move-Virtual-Machine-Powering-the-Aptos.jpg\" \/><\/div>\n<p>La <a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/move-language\/move\/commit\/566ace5a9ec01e0e685f4bfba79072fe635a6cb2\" target=\"_blank\">vuln\u00e9rabilit\u00e9<\/a> identifi\u00e9 par Numen Cyber \u200b\u200bLabs est ancr\u00e9 dans le module de v\u00e9rification du langage Move (&#8220;<a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/move-language\/move\/blob\/main\/language\/move-bytecode-verifier\/src\/stack_usage_verifier.rs\" target=\"_blank\">stack_usage_verifier.rs<\/a>&#8220;), un composant qui valide la <a rel=\"nofollow noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Bytecode\" target=\"_blank\">instructions de bytecode<\/a> avant son ex\u00e9cution dans MoveVM.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowd-mid-d\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/Google-Cloud-bloque-une-attaque-DDoS-record-de-46-millions.png\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>Plus pr\u00e9cis\u00e9ment, il s&#8217;agit d&#8217;un <a rel=\"nofollow noopener\" href=\"https:\/\/cwe.mitre.org\/data\/definitions\/190.html\" target=\"_blank\">vuln\u00e9rabilit\u00e9 de d\u00e9bordement d&#8217;entier<\/a> dans le <a rel=\"nofollow noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Stack-oriented_programming\" target=\"_blank\">bas\u00e9 sur la pile<\/a> Langage de programmation Web3 pouvant entra\u00eener un comportement ind\u00e9fini et donc des plantages.<\/p>\n<div class=\"separator\" style=\"clear: both\"><img decoding=\"async\" alt=\"\" border=\"0\" data-original-height=\"257\" data-original-width=\"728\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/10\/1666419573_517_Faille-critique-signalee-dans-Move-Virtual-Machine-Powering-the-Aptos.jpg\" \/><\/div>\n<p>&#8220;\u00c9tant donn\u00e9 que cette vuln\u00e9rabilit\u00e9 se produit dans le module d&#8217;ex\u00e9cution Move, pour les n\u0153uds de la cha\u00eene, si le code bytecode est ex\u00e9cut\u00e9, cela entra\u00eenera un [Denial-of-Service] attaque \u00bb, a expliqu\u00e9 la soci\u00e9t\u00e9 de cybers\u00e9curit\u00e9.<\/p>\n<p>&#8220;Dans les cas graves, le r\u00e9seau Aptos peut \u00eatre compl\u00e8tement arr\u00eat\u00e9, ce qui causera des dommages incalculables et aura un impact s\u00e9rieux sur la stabilit\u00e9 du n\u0153ud.&#8221;<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/10\/critical-flaw-reported-in-move-virtual.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Les chercheurs ont r\u00e9v\u00e9l\u00e9 des d\u00e9tails sur une faille critique d\u00e9sormais corrig\u00e9e dans la machine virtuelle Move qui alimente le r\u00e9seau blockchain Aptos. La vuln\u00e9rabilit\u00e9 &#8220;peut provoquer le plantage des n\u0153uds Aptos et provoquer un d\u00e9ni de service&#8221;, a d\u00e9clar\u00e9 Numen Cyber \u200b\u200bLabs, bas\u00e9 \u00e0 Singapour. a dit dans un article technique publi\u00e9 plus t\u00f4t [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":425340,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[118523,19233,4168,22,4158,4165,4161,429,9048,4157,4159,4171,4170,4167,3970,4160,55995,35123,4163,4162,63008,4172,4169,9499,4166,92197,4164],"class_list":["post-425339","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-aptos","tag-blockchain","tag-comment-pirater","tag-critique","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dans","tag-faille","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-machine","tag-mises-a-jour-de-la-cybersecurite","tag-move","tag-network","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-powering","tag-securite-informatique","tag-securite-internet","tag-signalee","tag-violation-de-donnees","tag-virtual","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/425339","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=425339"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/425339\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/425340"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=425339"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=425339"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=425339"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}