Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:36431
HistoryJul 22, 2022 - 4:54 a.m.

Authentication Bypass

2022-07-2204:54:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
authentication
bypass
vulnerability
openzeppelin/contracts
abi.decode
isvalidsignaturenow
signaturechecker.sol
_supportserc165interfacedue
erc165checker.sol
malicious user

EPSS

0.001

Percentile

26.7%

JSON

@openzeppelin/contracts is vulnerable to authentication bypass. The vulnerability exists because the abi.decode is getting unexpectedly reverted in the isValidSignatureNow function of SignatureChecker.sol and _supportsERC165Interfacedue function of ERC165Checker.soldue to the incorrect assumption about abi.decode, allowing a malicious user to pass an invalid signature to the system and become authenticated.

Related

github 1
prion 1
cvelist 1
osv 2
nvd 1
cve 1
github
github
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
2022-07-21 22:33:37
prion
prion
Design/Logic Flaw
2022-07-22 04:15:00
cvelist
cvelist
CVE-2022-31172 OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
2022-07-21 13:55:11
osv
osv
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
2022-07-21 22:33:37
CVE-2022-31172
2022-07-22 04:15:14
nvd
nvd
CVE-2022-31172
2022-07-22 04:15:14
cve
cve
CVE-2022-31172
2022-07-22 04:15:14

EPSS

0.001

Percentile

26.7%

JSON
Related for VERACODE:36431
github1prion1cvelist1osv2nvd1cve1