CVE-2022-40769

Опубликовано: 18 сент. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.

Ссылки

https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c
Third Party Advisory
https://github.com/johguse/profanity
Third Party Advisory
https://github.com/johguse/profanity/issues/61
Issue Tracking
Third Party Advisory
https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c
Third Party Advisory
https://github.com/johguse/profanity
Third Party Advisory
https://github.com/johguse/profanity/issues/61
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:profanity_project:profanity:*:*:*:*:*:*:*:*

Версия до 1.60 (включая)

EPSS

Процентиль: 75%

0.00902

Низкий

7.5 High

CVSS3

Дефекты

CWE-338

Связанные уязвимости

GHSA-9q2f-7hm7-62h6