ghsa-mjvm-mhgc-q4gp
Vulnerability from github
Published
2022-08-18 19:18
Modified
2024-10-24 21:48
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Incorrect parsing of EVM reversion exit reason in RPC
Details

Impact

A low severity security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause an overflow panic.

No action is needed unless you have a bridge node that needs to distinguish different reversion exit reasons and you used RPC for this.

Patches

The issue is patched in https://github.com/paritytech/frontier/pull/820

Workarounds

None.

References

PR https://github.com/paritytech/frontier/pull/820

For more information

If you have any questions or comments about this advisory: * Email Wei Tang

Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "fc-rpc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-36008"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-08-18T19:18:25Z",
    "nvd_published_at": "2022-08-19T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nA low severity security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause an overflow panic.\n\nNo action is needed unless you have a bridge node that needs to distinguish different reversion exit reasons and you used RPC for this.\n\n### Patches\n\nThe issue is patched in https://github.com/paritytech/frontier/pull/820\n\n### Workarounds\n\nNone.\n\n### References\n\nPR https://github.com/paritytech/frontier/pull/820\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Email [Wei Tang](mailto:wei@that.world)",
  "id": "GHSA-mjvm-mhgc-q4gp",
  "modified": "2024-10-24T21:48:34Z",
  "published": "2022-08-18T19:18:25Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/paritytech/frontier/security/advisories/GHSA-mjvm-mhgc-q4gp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36008"
    },
    {
      "type": "WEB",
      "url": "https://github.com/paritytech/frontier/pull/820"
    },
    {
      "type": "WEB",
      "url": "https://github.com/paritytech/frontier/commit/fff8cc43b7756ce3979a38fc473f38e6e24ac451"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/paritytech/frontier"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Incorrect parsing of EVM reversion exit reason in RPC"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.