96 matches found
Frontier's modexp precompile is slow for even modulus
Impact Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost...
PT-2023-21717 · Substrate +2 · Substrate +2
Name of the Vulnerable Software and Affected Versions: Frontier versions prior to the deployment of pull request 1017 Description: The issue arises from the modexp precompile in Frontier, which uses the num-bigint crate. The implementation treats odd and even moduli differently, with odd moduli...
[Medium - 1] Ecrecover precompile doesn't behave the same as the one from Ethereum
Lines of code Vulnerability details Impact According to the Ethereum yellow paper and in the specifications of the ecrecover precompile, it is stated that if the ecrecover doesn't return anything denoted by ∅, then the return should be 0 as well. If we take a look at the current ecrecover...
Design/Logic Flaw
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...
evm incorrect state transition
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...
CVE-2022-39354 evm has incorrect is_static parameter for custom stateful precompiles
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...
CVE-2022-39354 evm has incorrect is_static parameter for custom stateful precompiles
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...
GHSA-CJG2-2FJG-FPH4 Integer underflow in Frontier
Impact A bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds and production WebAssembly binaries, the impact is limited as it can only cause a normal EVM out-of-gas. It is...
Integer underflow in Frontier
Impact A bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds and production WebAssembly binaries, the impact is limited as it can only cause a normal EVM out-of-gas. It is...
CVE-2022-21685
Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds and...
Integer overflow
Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds and...
CVE-2022-21685
CVE-2022-21685 affects Frontier’s MODEXP precompile in Substrate’s Ethereum compatibility layer. The root cause is a bug in the MODEXP precompile that can trigger an integer underflow. Impact: Debug builds: possible node crash Release/WebAssembly: limited impact to EVM out-of-gasMitigation: apply...
CVE-2022-21685 Integer underflow in Frontier
Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds and...
GHSA-PR3H-JJHJ-573X Sprockets path traversal leads to information leak
Specially crafted requests can be used to access files that exist on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. Workaround:...
apr-util heap buffer underwrite
The aprstrmatchprecompile function in strmatch/aprstrmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service daemon crash via crafted input involving 1 a .htaccess file used with the Apache HTTP Server, 2 the SVNMasterURI directive in the moddavsvn module in t...
DEBIAN-CVE-2009-0023
The aprstrmatchprecompile function in strmatch/aprstrmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service daemon crash via crafted input involving 1 a .htaccess file used with the Apache HTTP Server, 2 the SVNMasterURI directive in the moddavsvn module in t...