CVE-2022-23066

Опубликовано: 09 мая 2022

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation which is caused by improper implementation of sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. For example, the result of a sdiv instruction may decide whether to transfer tokens or not. The vulnerability affects both integrity and may cause serious availability problems.

Ссылки

https://blocksecteam.medium.com/how-a-critical-bug-in-solana-network-was-detected-and-timely-patched-a701870e1324
Exploit
Third Party Advisory
https://github.com/solana-labs/rbpf/commit/e61e045f8c244de978401d186dcfd50838817297
Patch
Third Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23066
Exploit
Third Party Advisory
https://blocksecteam.medium.com/how-a-critical-bug-in-solana-network-was-detected-and-timely-patched-a701870e1324
Exploit
Third Party Advisory
https://github.com/solana-labs/rbpf/commit/e61e045f8c244de978401d186dcfd50838817297
Patch
Third Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23066
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:solana:rbpf:0.2.26:*:*:*:*:*:*:*

cpe:2.3:a:solana:rbpf:0.2.27:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01129

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-682

Связанные уязвимости

GHSA-9qmm-4mfr-r3wj