Lucene search
HistoryJun 06, 2024 - 7:15 p.m.
CVE-2024-32873
evmos
ethereum virtual machine
cosmos network
balance update
vested tokens
clawback vesting account
vulnerability
fixed
CVSS3
3.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
EPSS
0
Percentile
9.0%
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. The spendable balance is not updated properly when delegating vested tokens. The issue allows a clawback vesting account to anticipate the release of unvested tokens. This vulnerability is fixed in 18.0.0.
Related
vulnrichment
vulnrichment
CVE-2024-32873 evmos allows transferring unvested tokens after delegations
2024-06-06 18:13:54
cvelist
cvelist
CVE-2024-32873 evmos allows transferring unvested tokens after delegations
2024-06-06 18:13:54
veracode
veracode
Incorrect Calculation
2024-06-11 06:07:58
cve
cve
CVE-2024-32873
2024-06-06 19:15:56
github
github
evmos allows transferring unvested tokens after delegations
2024-06-06 18:21:05
osv
osv
CVE-2024-37158
2024-06-17 14:15:10
CVE-2024-32873
2024-06-06 19:15:56
Evmos is missing create validator check in github.com/evmos/evmos
2024-06-28 15:28:30
CVSS3
3.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2024-32873