Lucene search

[email protected]NVD:CVE-2022-24916

HistoryFeb 10, 2022 - 8:15 p.m.

CVE-2022-24916

2022-02-1020:15:07

[email protected]

web.nvd.nist.gov

optimism ethereum economicgriefing balanceduplication securityvulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

58.9%

JSON

Optimism before @eth-optimism/[email protected] allows economic griefing because a balance is duplicated upon contract self-destruction.

Affected configurations

Nvd

Node

optimismeth-optimism\/l2gethRange<0.5.11

VendorProductVersionCPE
optimismeth-optimism\/l2geth*cpe:2.3:a:optimism:eth-optimism\/l2geth:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
optimism	eth-optimism\/l2geth	*	cpe:2.3:a:optimism:eth-optimism\/l2geth::::::::

References

github.com/ethereum-optimism/optimism/compare/%40eth-optimism%2Fl2geth%400.5.10...%40eth-optimism%2Fl2geth%400.5.11

github.com/ethereum-optimism/optimism/pull/2146

news.ycombinator.com/item?id=30289240

optimismpbc.medium.com/disclosure-fixing-a-critical-bug-in-optimisms-geth-fork-a836ebdf7c94

www.saurik.com/optimism.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

58.9%

JSON

Related for NVD:CVE-2022-24916

cvelist1 prion1 cve1 osv1 veracode1