CVE-2024-32873

2024-06-0619:15:56

CWE-682

GitHub_M

web.nvd.nist.gov

evmos

ethereum virtual machine

cosmos network

spendable balance

delegating vested tokens

clawback vesting account

unvested tokens

vulnerability

fixed

18.0.0

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. The spendable balance is not updated properly when delegating vested tokens. The issue allows a clawback vesting account to anticipate the release of unvested tokens. This vulnerability is fixed in 18.0.0.

Affected configurations

Vulners

Node

evmosevmosRange<18.0.0

VendorProductVersionCPE
evmosevmos*cpe:2.3:a:evmos:evmos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
evmos	evmos	*	cpe:2.3:a:evmos:evmos::::::::

CNA Affected

[
  {
    "vendor": "evmos",
    "product": "evmos",
    "versions": [
      {
        "version": "< 18.0.0",
        "status": "affected"
      }
    ]
  }
]