CVE-2022-36058

Exploit

EPSS 0.3%
Veröffentlicht 06.09.2022 20:15:08
Zuletzt bearbeitet 21.11.2024 07:12:17
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.34, anyone who uses elrond-go to process blocks (historical or actual) could encounter a `MultiESDTNFTTransfer` transaction like this: `MultiESDTNFTTransfer` with a missing function name. Basic functionality like p2p messaging, storage, API requests and such are unaffected. Version 1.3.34 contains a fix for this issue. There are no known workarounds.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Elrond ≫ Elrond Go Version < 1.3.34

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.528

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/ElrondNetwork/elrond-go/blob/8e402fa6d7e91e779980122d3798b2bf50892945/integrationTests/vm/txsFee/asyncESDT_test.go#L402

Third Party Advisory

https://github.com/ElrondNetwork/elrond-go/commit/cb487fd7be2a2077638eb34ae771a73630c870c7

Patch

Third Party Advisory

https://github.com/ElrondNetwork/elrond-go/security/advisories/GHSA-qf7j-25g9-r63f

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-36058

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-36058

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-36058

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-36058