Veracode Vulnerability DatabaseVERACODE:36626Denial Of Service (DoS)
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
18.3%
evmos/ethermint is vulnerable to denial of service. The vulnerability exists in the “deleteaccount” function in statedb.go due to improper access control which allows an attacker to crash the system by sending a specially-crafted request using the self-destruct function
References
github.com/crypto-org-chain/cronos/commit/386b739eacec508a2484d94ab95b971f97d9d940
github.com/crypto-org-chain/cronos/pull/440
github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203
github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451
github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg
github.com/evmos/evmos/commit/a29659527e65015bac15a7891dd23392e09c61c0
github.com/evmos/evmos/pull/815
github.com/Kava-Labs/kava/commit/29096459253ce1edade676fe8651b87e729c89d8
github.com/Kava-Labs/kava/pull/1288
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
18.3%