CVE-2022-35915
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
Percentile
39.2%
OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| openzeppelin | contracts | * | cpe:2.3:a:openzeppelin:contracts:*:*:*:*:*:node.js:*:* |
| openzeppelin | contracts_upgradeable | * | cpe:2.3:a:openzeppelin:contracts_upgradeable:*:*:*:*:*:node.js:*:* |
| openzeppelin | openzeppelin-eth | * | cpe:2.3:a:openzeppelin:openzeppelin-eth:*:*:*:*:*:node.js:*:* |
| openzeppelin | openzeppelin-solidity | * | cpe:2.3:a:openzeppelin:openzeppelin-solidity:*:*:*:*:*:node.js:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
Percentile
39.2%