Lucene search
PRIOn knowledge basePRION:CVE-2022-35915HistoryAug 01, 2022 - 9:15 p.m.
Design/Logic Flaw
2022-08-0121:15:00
PRIOn knowledge base
www.prio-n.com
14
0.001 Low
EPSS
Percentile
39.3%
OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| contracts | ge | 2.0.0 | |
| contracts | lt | 4.7.2 | |
| contracts_upgradeable | ge | 3.2.0 | |
| contracts_upgradeable | lt | 4.7.2 | |
| openzeppelin-eth | ge | 2.0.0 | |
| openzeppelin-solidity | ge | 2.0.0 |
Related
github
github
OpenZeppelin Contracts ERC165Checker unbounded gas consumption
2022-08-14 00:23:34
nvd
nvd
CVE-2022-35915
2022-08-01 21:15:13
osv
osv
OpenZeppelin Contracts ERC165Checker unbounded gas consumption
2022-08-14 00:23:34
CVE-2022-35915
2022-08-01 21:15:13
cvelist
cvelist
CVE-2022-35915 Unbounded gas consumption in @openzeppelin/contracts
2022-08-01 21:05:11
veracode
veracode
Denial Of Service (DoS)
2022-08-02 04:06:24
cve
cve
CVE-2022-35915
2022-08-01 21:15:13