Denial Of Service (DoS)

2022-07-1807:33:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

71.9%

JSON

openzeppelin_cairo_contracts is vulnerable to denial of service. The vulnerability exists in execute in library.cairo due to an incorrect reference in the ecdsa_ptr pointer, which allows an attacker to cause an application crash.

CPENameOperatorVersion
openzeppelin-cairo-contractseq0.2.0
openzeppelin-cairo-contractseq0.2.0

CPE	Name	Operator	Version
	openzeppelin-cairo-contracts	eq	0.2.0
	openzeppelin-cairo-contracts	eq	0.2.0

References

github.com/advisories/GHSA-8mjr-jr5h-q2xr

github.com/OpenZeppelin/cairo-contracts/blob/release-0.2.0/src/openzeppelin/account/library.cairo#L203

github.com/OpenZeppelin/cairo-contracts/commit/2cd60279c3332285d47edf9ee3888b71257acdc9

github.com/OpenZeppelin/cairo-contracts/commit/c2007df15001a411740376efb1b2b78df98e59d8

github.com/OpenZeppelin/cairo-contracts/issues/386

github.com/OpenZeppelin/cairo-contracts/pull/387

github.com/OpenZeppelin/cairo-contracts/releases/tag/v0.2.1

github.com/OpenZeppelin/cairo-contracts/security/advisories/GHSA-8mjr-jr5h-q2xr

0.003 Low

EPSS

Percentile

71.9%

JSON

Related for VERACODE:36382