CVE-2023-38698 (GCVE-0-2023-38698)

Vulnerability from cvelistv5 – Published: 2023-08-04 17:41 – Updated: 2024-10-03 18:13
VLAI?
Title
.eth registrar controller can shorten the duration of registered names
Summary
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides `@ensdomains/ens-contracts` prior to version 0.0.22. If successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost. Version 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (eg, 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action.
Severity ?
4.9 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
Vendor Product Version
ensdomains ens-contracts Affected: <= 0.0.21
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:46:56.811Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-rrxv-q8m4-wch3",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-rrxv-q8m4-wch3"
          },
          {
            "name": "https://github.com/ensdomains/ens-contracts/commit/e6b136e979084de3761c125142620304173990ca",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ensdomains/ens-contracts/commit/e6b136e979084de3761c125142620304173990ca"
          },
          {
            "name": "https://github.com/ensdomains/ens-contracts/blob/master/contracts/ethregistrar/BaseRegistrarImplementation.sol#L171",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ensdomains/ens-contracts/blob/master/contracts/ethregistrar/BaseRegistrarImplementation.sol#L171"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ens.domains:ethereum_name_service:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ethereum_name_service",
            "vendor": "ens.domains",
            "versions": [
              {
                "lessThanOrEqual": "0.0.21",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-38698",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T18:12:20.434166Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T18:13:44.326Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ens-contracts",
          "vendor": "ensdomains",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 0.0.21"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides `@ensdomains/ens-contracts` prior to version 0.0.22.\n\nIf successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost.\n\nVersion 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (eg, 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-04T17:41:14.426Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-rrxv-q8m4-wch3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-rrxv-q8m4-wch3"
        },
        {
          "name": "https://github.com/ensdomains/ens-contracts/commit/e6b136e979084de3761c125142620304173990ca",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ensdomains/ens-contracts/commit/e6b136e979084de3761c125142620304173990ca"
        },
        {
          "name": "https://github.com/ensdomains/ens-contracts/blob/master/contracts/ethregistrar/BaseRegistrarImplementation.sol#L171",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ensdomains/ens-contracts/blob/master/contracts/ethregistrar/BaseRegistrarImplementation.sol#L171"
        }
      ],
      "source": {
        "advisory": "GHSA-rrxv-q8m4-wch3",
        "discovery": "UNKNOWN"
      },
      "title": ".eth registrar controller can shorten the duration of registered names"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-38698",
    "datePublished": "2023-08-04T17:41:14.426Z",
    "dateReserved": "2023-07-24T16:19:28.364Z",
    "dateUpdated": "2024-10-03T18:13:44.326Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ens.domains:ethereum_name_service:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.0.22\", \"matchCriteriaId\": \"08294FFB-C408-4F37-B065-E2E3824F0976\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides `@ensdomains/ens-contracts` prior to version 0.0.22.\\n\\nIf successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost.\\n\\nVersion 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (eg, 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action.\\n\"}, {\"lang\": \"es\", \"value\": \"Ethereum Name Service (ENS) es un sistema de nombres distribuido, abierto y extensible basado en la blockchain de Ethereum. Seg\\u00fan la documentaci\\u00f3n, los controladores pueden registrar nuevos dominios y ampliar la caducidad de los existentes, pero no pueden cambiar la titularidad ni reducir el tiempo de caducidad de los dominios existentes. Sin embargo, un an\\u00e1lisis preliminar sugiere que un controlador controlado por un atacante puede ser capaz de reducir el tiempo de expiraci\\u00f3n de los dominios existentes debido a un desbordamiento de enteros en la funci\\u00f3n renew. La vulnerabilidad reside en `@ensdomains/ens-contracts` anterior a la versi\\u00f3n 0.0.22.\\n\\nSi se explota con \\u00e9xito, esta vulnerabilidad permitir\\u00eda a los atacantes forzar la expiraci\\u00f3n de cualquier registro ENS, permiti\\u00e9ndoles en \\u00faltima instancia reclamar para s\\u00ed los dominios afectados. Actualmente, se requerir\\u00eda un DAO malicioso para explotarla. No obstante, cualquier vulnerabilidad presente en los controladores podr\\u00eda hacer que este problema pudiera explotarse en el futuro. Una preocupaci\\u00f3n adicional es la posibilidad de descuentos en la renovaci\\u00f3n. Si ENS decide implementar un sistema que ofrezca dominios .eth ilimitados por una tarifa fija en el futuro, la vulnerabilidad podr\\u00eda ser explotable por cualquier usuario debido al reducido coste de ataque.\\n\\nLa versi\\u00f3n 0.0.22 contiene un parche para este problema. Mientras el coste de registro siga siendo lineal o superlineal en funci\\u00f3n de la duraci\\u00f3n del registro, o limitado a un m\\u00e1ximo razonable (por ejemplo, 1 mill\\u00f3n de a\\u00f1os), esta vulnerabilidad s\\u00f3lo podr\\u00eda ser explotada por una DAO maliciosa. Por lo tanto, la soluci\\u00f3n provisional es no tomar ninguna medida.\"}]",
      "id": "CVE-2023-38698",
      "lastModified": "2024-11-21T08:14:04.707",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 4.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
      "published": "2023-08-04T18:15:15.637",
      "references": "[{\"url\": \"https://github.com/ensdomains/ens-contracts/blob/master/contracts/ethregistrar/BaseRegistrarImplementation.sol#L171\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/ensdomains/ens-contracts/commit/e6b136e979084de3761c125142620304173990ca\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-rrxv-q8m4-wch3\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/ensdomains/ens-contracts/blob/master/contracts/ethregistrar/BaseRegistrarImplementation.sol#L171\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/ensdomains/ens-contracts/commit/e6b136e979084de3761c125142620304173990ca\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-rrxv-q8m4-wch3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-38698\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-08-04T18:15:15.637\",\"lastModified\":\"2024-11-21T08:14:04.707\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides `@ensdomains/ens-contracts` prior to version 0.0.22.\\n\\nIf successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost.\\n\\nVersion 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (eg, 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action.\\n\"},{\"lang\":\"es\",\"value\":\"Ethereum Name Service (ENS) es un sistema de nombres distribuido, abierto y extensible basado en la blockchain de Ethereum. Seg\u00fan la documentaci\u00f3n, los controladores pueden registrar nuevos dominios y ampliar la caducidad de los existentes, pero no pueden cambiar la titularidad ni reducir el tiempo de caducidad de los dominios existentes. Sin embargo, un an\u00e1lisis preliminar sugiere que un controlador controlado por un atacante puede ser capaz de reducir el tiempo de expiraci\u00f3n de los dominios existentes debido a un desbordamiento de enteros en la funci\u00f3n renew. La vulnerabilidad reside en `@ensdomains/ens-contracts` anterior a la versi\u00f3n 0.0.22.\\n\\nSi se explota con \u00e9xito, esta vulnerabilidad permitir\u00eda a los atacantes forzar la expiraci\u00f3n de cualquier registro ENS, permiti\u00e9ndoles en \u00faltima instancia reclamar para s\u00ed los dominios afectados. Actualmente, se requerir\u00eda un DAO malicioso para explotarla. No obstante, cualquier vulnerabilidad presente en los controladores podr\u00eda hacer que este problema pudiera explotarse en el futuro. Una preocupaci\u00f3n adicional es la posibilidad de descuentos en la renovaci\u00f3n. Si ENS decide implementar un sistema que ofrezca dominios .eth ilimitados por una tarifa fija en el futuro, la vulnerabilidad podr\u00eda ser explotable por cualquier usuario debido al reducido coste de ataque.\\n\\nLa versi\u00f3n 0.0.22 contiene un parche para este problema. Mientras el coste de registro siga siendo lineal o superlineal en funci\u00f3n de la duraci\u00f3n del registro, o limitado a un m\u00e1ximo razonable (por ejemplo, 1 mill\u00f3n de a\u00f1os), esta vulnerabilidad s\u00f3lo podr\u00eda ser explotada por una DAO maliciosa. Por lo tanto, la soluci\u00f3n provisional es no tomar ninguna medida.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ens.domains:ethereum_name_service:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.0.22\",\"matchCriteriaId\":\"08294FFB-C408-4F37-B065-E2E3824F0976\"}]}]}],\"references\":[{\"url\":\"https://github.com/ensdomains/ens-contracts/blob/master/contracts/ethregistrar/BaseRegistrarImplementation.sol#L171\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/ensdomains/ens-contracts/commit/e6b136e979084de3761c125142620304173990ca\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-rrxv-q8m4-wch3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/ensdomains/ens-contracts/blob/master/contracts/ethregistrar/BaseRegistrarImplementation.sol#L171\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/ensdomains/ens-contracts/commit/e6b136e979084de3761c125142620304173990ca\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-rrxv-q8m4-wch3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-rrxv-q8m4-wch3\", \"name\": \"https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-rrxv-q8m4-wch3\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/ensdomains/ens-contracts/commit/e6b136e979084de3761c125142620304173990ca\", \"name\": \"https://github.com/ensdomains/ens-contracts/commit/e6b136e979084de3761c125142620304173990ca\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/ensdomains/ens-contracts/blob/master/contracts/ethregistrar/BaseRegistrarImplementation.sol#L171\", \"name\": \"https://github.com/ensdomains/ens-contracts/blob/master/contracts/ethregistrar/BaseRegistrarImplementation.sol#L171\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T17:46:56.811Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-38698\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-03T18:12:20.434166Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ens.domains:ethereum_name_service:*:*:*:*:*:*:*:*\"], \"vendor\": \"ens.domains\", \"product\": \"ethereum_name_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"0.0.21\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-03T18:12:27.865Z\"}}], \"cna\": {\"title\": \".eth registrar controller can shorten the duration of registered names\", \"source\": {\"advisory\": \"GHSA-rrxv-q8m4-wch3\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"ensdomains\", \"product\": \"ens-contracts\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c= 0.0.21\"}]}], \"references\": [{\"url\": \"https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-rrxv-q8m4-wch3\", \"name\": \"https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-rrxv-q8m4-wch3\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/ensdomains/ens-contracts/commit/e6b136e979084de3761c125142620304173990ca\", \"name\": \"https://github.com/ensdomains/ens-contracts/commit/e6b136e979084de3761c125142620304173990ca\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/ensdomains/ens-contracts/blob/master/contracts/ethregistrar/BaseRegistrarImplementation.sol#L171\", \"name\": \"https://github.com/ensdomains/ens-contracts/blob/master/contracts/ethregistrar/BaseRegistrarImplementation.sol#L171\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides `@ensdomains/ens-contracts` prior to version 0.0.22.\\n\\nIf successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost.\\n\\nVersion 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (eg, 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action.\\n\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190: Integer Overflow or Wraparound\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-08-04T17:41:14.426Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-38698\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-03T18:13:44.326Z\", \"dateReserved\": \"2023-07-24T16:19:28.364Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-08-04T17:41:14.426Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.