GitHub Advisory DatabaseGHSA-QF7J-25G9-R63Felrond-go MultiESDTNFTTransfer call on a SC address with missing function name
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
30.7%
Impact
Anyone who uses elrond-go to process blocks (historical or actual) that contains a transaction like this: MultiESDTNFTTransfer@01@54444558544b4b5955532d323631626138@00@0793afc18c8da2ca@ (mind the missing function name after the last @)
Basic functionality like p2p messaging, storage, API requests and such are unaffected.
Patches
Patch v1.3.34 or higher
Workarounds
No workarounds
References
For future reference, one can observe the following integration test:
[provide the link to the integration test]
For more information
If you have any questions or comments about this advisory:
- Open an issue in elrond-go (http://github.com/ElrondNetwork/elrond-go/issues)
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/elrondnetwork/elrond-go | le | 1.3.33 |
References
github.com/advisories/GHSA-qf7j-25g9-r63f
github.com/ElrondNetwork/elrond-go/blob/8e402fa6d7e91e779980122d3798b2bf50892945/integrationTests/vm/txsFee/asyncESDT_test.go#L402
github.com/ElrondNetwork/elrond-go/commit/cb487fd7be2a2077638eb34ae771a73630c870c7
github.com/ElrondNetwork/elrond-go/security/advisories/GHSA-qf7j-25g9-r63f
nvd.nist.gov/vuln/detail/CVE-2022-36058
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
30.7%