Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 8:25 p.m.14 views

CVE-2022-31172

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

7.5CVSS6.6AI score0.00413EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/07/21 10:33 p.m.5 views

4337-snap (>=0.1.0 <=0.1.1), @0xabcdefg/smart-order-router (>=1.0.0 <=1.0.5) +1274 more potentially affected by CVE-2022-31172 via @openzeppelin/contracts (>=4.1.0 <=4.7.0)

@openzeppelin/contracts NPM version =4.1.0, =0.1.0, =1.0.0, =1.0.0, =3.24.7, =1.7.2, =1.0.0, =0.2.0, =4.14.3, =1.0.2, =4.0.0, =4.0.1, =2.0.0, =3.1.0 and more Source cves: CVE-2022-31172 Source advisory: OSV:GHSA-4G63-C64M-25W9...

7.5CVSS7.2AI score0.00413EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2022/07/21 1:55 p.m.5 views

CVE-2022-31172 OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

7.5CVSS7.4AI score0.00413EPSS
Exploits0References2
CVE
CVE
added 2022/07/21 1:55 p.m.108 views

CVE-2022-31172

OpenZeppelin Contracts (library) is affected by CVE-2022-31172 in versions 4.1.0–4.7.1, where SignatureChecker.isValidSignatureNow may revert due to an incorrect assumption about Solidity 0.8 ABI decoding, especially when a target contract does not implement EIP-1271 as expected. The vulnerabilit...

7.5CVSS7.4AI score0.00413EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder