3 matches found
CVE-2022-36025
Besu (Java-based Ethereum client) contains a numeric conversion bug in gas calculation for CALL/DELEGATECALL, affecting versions after 22.1.3 and before 22.7.1. The error in 32-bit signed/unsigned arithmetic can pass incorrect gas to called contracts and return gas, potentially causing a differin...
CVE-2021-21369
Hyperledger Besu (Java) prior to v1.5.1 is affected by a denial‑of‑service in the HTTP JSON‑RPC API when HTTP auth is enabled. The vulnerability arises because a login step to obtain a JWT is required before API calls, and an attacker can overload the login endpoint with invalid passwords. Passwo...
CVE-2021-41272
CVE-2021-41272 affects the Besu Ethereum client (Java). Beginning with 21.10.0, changes to SHL/SHR/SAR caused a signed type coercion error for negative values in 32-bit integers. Consequence: on networks with mixed vulnerable/non‑vulnerable miners, forks may occur and affected transactions may be...