Lucene search

[email protected]CVE-2022-40769

HistorySep 18, 2022 - 5:15 p.m.

CVE-2022-40769

2022-09-1817:15:09

CWE-338

[email protected]

web.nvd.nist.gov

cve-2022-40769

profanity

rng

vulnerability

ethereum

cryptocurrency

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

45.3%

JSON

profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.

Affected configurations

NVD

Node

profanity_projectprofanityRange≤1.60

CPENameOperatorVersion
profanity_project:profanityprofanity project profanityle1.60

CPE	Name	Operator	Version
profanity_project:profanity	profanity project profanity	le	1.60

References

blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c

github.com/johguse/profanity

github.com/johguse/profanity/issues/61

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

45.3%

JSON

Related for CVE-2022-40769

osv1 nvd1 prion1 alpinelinux1 cvelist1