CVE-2024-37159

2024-06-1714:15:10

Google

osv.dev

evmos

ethereum virtual machine

cosmos network

vulnerability

validator

tokens

deposit

self-bond

fixed

software

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

3.4 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. This vulnerability allowed a user to create a validator using vested tokens to deposit the self-bond. This vulnerability is fixed in 18.0.0.

CPENameOperatorVersion
evmoseq16.0.2
evmoseq16.0.0-rc5
evmoseq16.0.0-rc2
evmoseq16.0.0-rc4
evmoseq16.0.3
evmoseq16.0.0
evmoseq17.0.0
evmoseq16.0.0-rc2.1
evmoseq16.0.1
evmoseq16.0.0-rc1

Name	Operator	Version
evmos	eq	16.0.2
evmos	eq	16.0.0-rc5
evmos	eq	16.0.0-rc2
evmos	eq	16.0.0-rc4
evmos	eq	16.0.3
evmos	eq	16.0.0
evmos	eq	17.0.0
evmos	eq	16.0.0-rc2.1
evmos	eq	16.0.1
evmos	eq	16.0.0-rc1