6 matches found
CVE-2022-46173 Elrond go Processing: fallback search of SCRs when not found in the main cache
Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between t...
CVE-2022-36061
Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B...
CVE-2022-36061 Elrond go can execute on same context checks in VM
Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B...
CVE-2022-36058
Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.34, anyone who uses elrond-go to process blocks historical or actual could encounter a MultiESDTNFTTransfer transaction like this: MultiESDTNFTTransfer with a missing function name. Basic functionality li...
CVE-2022-36058
Elrond-go (github.com/ElrondNetwork/elrond-go) prior to version 1.3.34 is affected by CVE-2022-36058 due to a MultiESDTNFTTransfer call with a missing function name in SC addresses. The issue is confirmed in multiple sources (Red Hat, NVD, OSV, GHSA) and is triggered when processing certain Multi...
Improper Input Validation
Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.34, anyone who uses elrond-go to process blocks historical or actual could encounter a MultiESDTNFTTransfer transaction like this: MultiESDTNFTTransfer with a missing function name. Basic functionality li...