GSD-2022-35936
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract's code is recovered. The new contract deployment restores the `bytecode hash -> bytecode` entry in the internal state.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-35936",
"description": "Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract\u0027s code is recovered. The new contract deployment restores the `bytecode hash -\u003e bytecode` entry in the internal state.",
"id": "GSD-2022-35936"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-35936"
],
"details": "Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract\u0027s code is recovered. The new contract deployment restores the `bytecode hash -\u003e bytecode` entry in the internal state.",
"id": "GSD-2022-35936",
"modified": "2023-12-13T01:19:33.537470Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-35936",
"STATE": "PUBLIC",
"TITLE": "Ethermint DoS through Unintended Contract Selfdestruct"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ethermint",
"version": {
"version_data": [
{
"version_value": "\u003c= 0.17.2"
}
]
}
}
]
},
"vendor_name": "evmos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract\u0027s code is recovered. The new contract deployment restores the `bytecode hash -\u003e bytecode` entry in the internal state."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg",
"refsource": "CONFIRM",
"url": "https://github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg"
},
{
"name": "https://github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451",
"refsource": "MISC",
"url": "https://github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451"
},
{
"name": "https://github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203",
"refsource": "MISC",
"url": "https://github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203"
}
]
},
"source": {
"advisory": "GHSA-f92v-grc2-w2fg",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c=v0.17.5",
"affected_versions": "All versions up to 0.17.5",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-668",
"CWE-937"
],
"date": "2022-08-18",
"description": "Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts does not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract\u0027s code is recovered. The new contract deployment restores the `bytecode hash -\u003e bytecode` entry in the internal state.",
"fixed_versions": [
"v0.18.0"
],
"identifier": "CVE-2022-35936",
"identifiers": [
"GHSA-f92v-grc2-w2fg",
"CVE-2022-35936"
],
"not_impacted": "All versions after 0.17.5",
"package_slug": "go/github.com/Kava-Labs/kava",
"pubdate": "2022-08-18",
"solution": "Upgrade to version 0.18.0 or above.",
"title": "Exposure of Resource to Wrong Sphere",
"urls": [
"https://github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg",
"https://nvd.nist.gov/vuln/detail/CVE-2022-35936",
"https://github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451",
"https://github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203",
"https://github.com/advisories/GHSA-f92v-grc2-w2fg"
],
"uuid": "6e29c591-5776-4038-9888-d3a7551c171c",
"versions": [
{
"commit": {
"sha": "5020a6a448d4d8d666de64dfd220da0f47dbcacf",
"tags": [
"v0.17.5"
],
"timestamp": "20220607213002"
},
"number": "v0.17.5"
},
{
"commit": {
"sha": "29096459253ce1edade676fe8651b87e729c89d8",
"tags": [
"v0.18.0"
],
"timestamp": "20220804220104"
},
"number": "v0.18.0"
}
]
},
{
"affected_range": "\u003c=v0.7.0",
"affected_versions": "All versions up to 0.7.0",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-668",
"CWE-937"
],
"date": "2022-08-18",
"description": "Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts does not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract\u0027s code is recovered. The new contract deployment restores the `bytecode hash -\u003e bytecode` entry in the internal state.",
"fixed_versions": [
"v0.7.1-rc2"
],
"identifier": "CVE-2022-35936",
"identifiers": [
"GHSA-f92v-grc2-w2fg",
"CVE-2022-35936"
],
"not_impacted": "All versions after 0.7.0",
"package_slug": "go/github.com/crypto-org-chain/cronos",
"pubdate": "2022-08-18",
"solution": "Upgrade to version 0.7.1-rc2 or above. *Note*: 0.7.1-rc2 may be an unstable version. Use caution.",
"title": "Exposure of Resource to Wrong Sphere",
"urls": [
"https://github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg",
"https://nvd.nist.gov/vuln/detail/CVE-2022-35936",
"https://github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451",
"https://github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203",
"https://github.com/advisories/GHSA-f92v-grc2-w2fg"
],
"uuid": "03c54dce-ffc5-4974-bdaa-49d057041bd6",
"versions": [
{
"commit": {
"sha": "799ac47e293403bd57580d2ff96bb8d9851c3cde",
"tags": [
"v0.7.0",
"v0.7.0-hotfix-temp"
],
"timestamp": "20220503084123"
},
"number": "v0.7.0"
},
{
"commit": {
"sha": "e30cc05f45934630b6ceae8315aac4c9c5eefc62",
"tags": [
"v0.7.1-rc2"
],
"timestamp": "20220725120515"
},
"number": "v0.7.1-rc2"
}
]
},
{
"affected_range": "\u003c=v0.17.2",
"affected_versions": "All versions up to 0.17.2",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-668",
"CWE-937"
],
"date": "2022-08-18",
"description": "Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts does not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract\u0027s code is recovered. The new contract deployment restores the `bytecode hash -\u003e bytecode` entry in the internal state.",
"fixed_versions": [
"v0.18.0"
],
"identifier": "CVE-2022-35936",
"identifiers": [
"GHSA-f92v-grc2-w2fg",
"CVE-2022-35936"
],
"not_impacted": "All versions after 0.17.2",
"package_slug": "go/github.com/evmos/ethermint",
"pubdate": "2022-08-18",
"solution": "Upgrade to version 0.18.0 or above.",
"title": "Exposure of Resource to Wrong Sphere",
"urls": [
"https://github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg",
"https://nvd.nist.gov/vuln/detail/CVE-2022-35936",
"https://github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451",
"https://github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203",
"https://github.com/advisories/GHSA-f92v-grc2-w2fg"
],
"uuid": "79f1eaa9-ebab-4817-940e-366c8c9c2b01",
"versions": [
{
"commit": {
"sha": "c9d42d667b753147977a725e98ed116c933c76cb",
"tags": [
"v0.17.2"
],
"timestamp": "20220726174133"
},
"number": "v0.17.2"
},
{
"commit": {
"sha": "144741832007a26dbe950512acbda4ed95b2a451",
"tags": [
"v0.18.0"
],
"timestamp": "20220804194701"
},
"number": "v0.18.0"
}
]
},
{
"affected_range": "\u003c=v6.0.3",
"affected_versions": "All versions up to 6.0.3",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-668",
"CWE-937"
],
"date": "2022-08-18",
"description": "Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts does not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract\u0027s code is recovered. The new contract deployment restores the `bytecode hash -\u003e bytecode` entry in the internal state.",
"fixed_versions": [
"v7.0.0"
],
"identifier": "CVE-2022-35936",
"identifiers": [
"GHSA-f92v-grc2-w2fg",
"CVE-2022-35936"
],
"not_impacted": "All versions after 6.0.3",
"package_slug": "go/github.com/evmos/evmos",
"pubdate": "2022-08-18",
"solution": "Upgrade to version 7.0.0 or above.",
"title": "Exposure of Resource to Wrong Sphere",
"urls": [
"https://github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg",
"https://nvd.nist.gov/vuln/detail/CVE-2022-35936",
"https://github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451",
"https://github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203",
"https://github.com/advisories/GHSA-f92v-grc2-w2fg"
],
"uuid": "ec055d43-5492-4bd5-81b7-096ecd4efa50",
"versions": [
{
"commit": {
"sha": "db44f68bfb4e81537d064345455b29208cd1a407",
"tags": [
"v6.0.3"
],
"timestamp": "20220726195456"
},
"number": "v6.0.3"
},
{
"commit": {
"sha": "a1c4b7af4cecd908d703a00bbb808c66ea61ab8a",
"tags": [
"v7.0.0"
],
"timestamp": "20220804195107"
},
"number": "v7.0.0"
}
]
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:evmos:ethermint:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0.18.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:kava:kava:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0.18.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:crypto:cronos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:evmos:evmos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-35936"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract\u0027s code is recovered. The new contract deployment restores the `bytecode hash -\u003e bytecode` entry in the internal state."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203"
},
{
"name": "https://github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451"
},
{
"name": "https://github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2022-08-13T00:59Z",
"publishedDate": "2022-08-05T13:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…