Lucene search
K

96 matches found

Github Security Blog
Github Security Blog
added 2023/03/21 10:31 p.m.31 views

Frontier's modexp precompile is slow for even modulus

Impact Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost...

7.5CVSS7.1AI score0.00873EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/21 12:0 a.m.7 views

PT-2023-21717 · Substrate +2 · Substrate +2

Name of the Vulnerable Software and Affected Versions: Frontier versions prior to the deployment of pull request 1017 Description: The issue arises from the modexp precompile in Frontier, which uses the num-bigint crate. The implementation treats odd and even moduli differently, with odd moduli...

7.5CVSS7.3AI score0.00873EPSS
Exploits0References8
Code423n4
Code423n4
added 2023/03/19 12:0 a.m.23 views

[Medium - 1] Ecrecover precompile doesn't behave the same as the one from Ethereum

Lines of code Vulnerability details Impact According to the Ethereum yellow paper and in the specifications of the ecrecover precompile, it is stated that if the ecrecover doesn't return anything denoted by ∅, then the return should be 0 as well. If we take a look at the current ecrecover...

6.6AI score
Exploits0
Prion
Prion
added 2022/10/25 7:15 p.m.22 views

Design/Logic Flaw

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...

5CVSS7.4AI score0.00538EPSS
Exploits0References2Affected Software1
RustSec
RustSec
added 2022/10/25 12:0 p.m.27 views

evm incorrect state transition

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...

7.5CVSS1.6AI score0.00538EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/25 12:0 a.m.6 views

CVE-2022-39354 evm has incorrect is_static parameter for custom stateful precompiles

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...

5.9CVSS7.5AI score0.00538EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/10/25 12:0 a.m.64 views

CVE-2022-39354 evm has incorrect is_static parameter for custom stateful precompiles

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...

5.9CVSS7.7AI score0.00538EPSS
Exploits0References2
OSV
OSV
added 2022/01/14 9:3 p.m.20 views

GHSA-CJG2-2FJG-FPH4 Integer underflow in Frontier

Impact A bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds and production WebAssembly binaries, the impact is limited as it can only cause a normal EVM out-of-gas. It is...

6.5CVSS6.4AI score0.01331EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/01/14 9:3 p.m.31 views

Integer underflow in Frontier

Impact A bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds and production WebAssembly binaries, the impact is limited as it can only cause a normal EVM out-of-gas. It is...

6.5CVSS1.9AI score0.01331EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2022/01/14 5:15 p.m.39 views

CVE-2022-21685

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds and...

6.5CVSS0.01331EPSS
Exploits0References3
Prion
Prion
added 2022/01/14 5:15 p.m.19 views

Integer overflow

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds and...

4CVSS6.4AI score0.01331EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/01/14 5:5 p.m.75 views

CVE-2022-21685

CVE-2022-21685 affects Frontier’s MODEXP precompile in Substrate’s Ethereum compatibility layer. The root cause is a bug in the MODEXP precompile that can trigger an integer underflow. Impact: Debug builds: possible node crash Release/WebAssembly: limited impact to EVM out-of-gasMitigation: apply...

6.5CVSS6.3AI score0.01331EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/01/14 5:5 p.m.29 views

CVE-2022-21685 Integer underflow in Frontier

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds and...

6.5CVSS6.4AI score0.01331EPSS
Exploits0References5
OSV
OSV
added 2018/06/20 10:18 p.m.28 views

GHSA-PR3H-JJHJ-573X Sprockets path traversal leads to information leak

Specially crafted requests can be used to access files that exist on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. Workaround:...

7.5CVSS7.4AI score0.26717EPSS
Exploits2References11
RedHat Linux
RedHat Linux
added 2009/06/16 9:49 p.m.4 views

apr-util heap buffer underwrite

The aprstrmatchprecompile function in strmatch/aprstrmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service daemon crash via crafted input involving 1 a .htaccess file used with the Apache HTTP Server, 2 the SVNMasterURI directive in the moddavsvn module in t...

4.3CVSS7.3AI score0.0853EPSS
Exploits1References4
OSV
OSV
added 2009/06/08 1:0 a.m.1 views

DEBIAN-CVE-2009-0023

The aprstrmatchprecompile function in strmatch/aprstrmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service daemon crash via crafted input involving 1 a .htaccess file used with the Apache HTTP Server, 2 the SVNMasterURI directive in the moddavsvn module in t...

4.3CVSS8AI score0.0853EPSS
Exploits1References1
Rows per page
Query Builder