Lucene search

Veracode Vulnerability DatabaseVERACODE:42011

HistoryAug 03, 2023 - 2:09 a.m.

Force Expiration Of Ethereum Name Service (ENS)

2023-08-0302:09:23

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

ens

contract

integer overflow

vulnerability

expiration time

reduction

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

20.6%

JSON

@ensdomains/ens-contracts is vulnerable to Force Expiration Of Ethereum Name Service (ENS). The vulnerability exists due to the integer overflow in the renew function of BaseRegistrarImplementation.sol, which allows an attacker to reduce the expiration time of existing domains.

CPENameOperatorVersion
@ensdomains/ens-contractsle0.0.21
@ensdomains/ens-contractsle0.0.21

CPE	Name	Operator	Version
	@ensdomains/ens-contracts	le	0.0.21
	@ensdomains/ens-contracts	le	0.0.21

References

github.com/advisories/GHSA-rrxv-q8m4-wch3

github.com/ensdomains/ens-contracts/blob/master/contracts/ethregistrar/BaseRegistrarImplementation.sol#L171

github.com/ensdomains/ens-contracts/commit/e6b136e979084de3761c125142620304173990ca

github.com/ensdomains/ens-contracts/security/advisories/GHSA-rrxv-q8m4-wch3

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

20.6%

JSON

Related for VERACODE:42011