CVE-2022-36061

Опубликовано: 06 сент. 2022

Источник: nvd

CVSS3: 6.5

CVSS3: 9.8

EPSS Низкий

Описание

Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers. This issue was patched in version 1.3.35. There are no known workarounds.

Ссылки

https://github.com/ElrondNetwork/elrond-go/blob/8e402fa6d7e91e779980122d3798b2bf50892945/integrationTests/vm/txsFee/asyncESDT_test.go#L452
Exploit
Third Party Advisory
https://github.com/ElrondNetwork/elrond-go/releases/tag/v1.3.35
Third Party Advisory
https://github.com/ElrondNetwork/elrond-go/security/advisories/GHSA-mv8x-668m-53fg
Third Party Advisory
https://github.com/ElrondNetwork/elrond-go/blob/8e402fa6d7e91e779980122d3798b2bf50892945/integrationTests/vm/txsFee/asyncESDT_test.go#L452
Exploit
Third Party Advisory
https://github.com/ElrondNetwork/elrond-go/releases/tag/v1.3.35
Third Party Advisory
https://github.com/ElrondNetwork/elrond-go/security/advisories/GHSA-mv8x-668m-53fg
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:elrond:elrond_go:*:*:*:*:*:*:*:*

Версия до 1.3.35 (исключая)

EPSS

Процентиль: 61%

0.00408

Низкий

6.5 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-665

Связанные уязвимости

GHSA-mv8x-668m-53fg

CVSS3: 9.8

github

больше 3 лет назад

Elrond-go has improper initialization

EPSS

Процентиль: 61%

0.00408

Низкий

6.5 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-665