CVE-2024-32873

EPSS 0.38%
Veröffentlicht 06.06.2024 19:15:56
Zuletzt bearbeitet 21.11.2024 09:15:54
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

evmos allows transferring unvested tokens after delegations

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. The spendable balance is not updated properly when delegating vested tokens. The issue allows a clawback vesting account to anticipate the release of unvested tokens.  This vulnerability is fixed in 18.0.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Evmos ≫ Evmos Version < 18.0.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.3

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
security-advisories@github.com	3.5	2.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

https://github.com/evmos/evmos/commit/b2a09ca66613d8b04decd3f2dcba8e1e77709dcb

Patch

https://github.com/evmos/evmos/security/advisories/GHSA-pxv8-qhrh-jc7v

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-32873

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-32873

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-32873

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-32873