gsd-2022-35936
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract's code is recovered. The new contract deployment restores the `bytecode hash -> bytecode` entry in the internal state.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-35936",
"description": "Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract\u0027s code is recovered. The new contract deployment restores the `bytecode hash -\u003e bytecode` entry in the internal state.",
"id": "GSD-2022-35936"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-35936"
],
"details": "Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract\u0027s code is recovered. The new contract deployment restores the `bytecode hash -\u003e bytecode` entry in the internal state.",
"id": "GSD-2022-35936",
"modified": "2023-12-13T01:19:33.537470Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-35936",
"STATE": "PUBLIC",
"TITLE": "Ethermint DoS through Unintended Contract Selfdestruct"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ethermint",
"version": {
"version_data": [
{
"version_value": "\u003c= 0.17.2"
}
]
}
}
]
},
"vendor_name": "evmos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract\u0027s code is recovered. The new contract deployment restores the `bytecode hash -\u003e bytecode` entry in the internal state."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg",
"refsource": "CONFIRM",
"url": "https://github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg"
},
{
"name": "https://github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451",
"refsource": "MISC",
"url": "https://github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451"
},
{
"name": "https://github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203",
"refsource": "MISC",
"url": "https://github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203"
}
]
},
"source": {
"advisory": "GHSA-f92v-grc2-w2fg",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c=v0.17.5",
"affected_versions": "All versions up to 0.17.5",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-668",
"CWE-937"
],
"date": "2022-08-18",
"description": "Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts does not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract\u0027s code is recovered. The new contract deployment restores the `bytecode hash -\u003e bytecode` entry in the internal state.",
"fixed_versions": [
"v0.18.0"
],
"identifier": "CVE-2022-35936",
"identifiers": [
"GHSA-f92v-grc2-w2fg",
"CVE-2022-35936"
],
"not_impacted": "All versions after 0.17.5",
"package_slug": "go/github.com/Kava-Labs/kava",
"pubdate": "2022-08-18",
"solution": "Upgrade to version 0.18.0 or above.",
"title": "Exposure of Resource to Wrong Sphere",
"urls": [
"https://github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg",
"https://nvd.nist.gov/vuln/detail/CVE-2022-35936",
"https://github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451",
"https://github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203",
"https://github.com/advisories/GHSA-f92v-grc2-w2fg"
],
"uuid": "6e29c591-5776-4038-9888-d3a7551c171c",
"versions": [
{
"commit": {
"sha": "5020a6a448d4d8d666de64dfd220da0f47dbcacf",
"tags": [
"v0.17.5"
],
"timestamp": "20220607213002"
},
"number": "v0.17.5"
},
{
"commit": {
"sha": "29096459253ce1edade676fe8651b87e729c89d8",
"tags": [
"v0.18.0"
],
"timestamp": "20220804220104"
},
"number": "v0.18.0"
}
]
},
{
"affected_range": "\u003c=v0.7.0",
"affected_versions": "All versions up to 0.7.0",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-668",
"CWE-937"
],
"date": "2022-08-18",
"description": "Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts does not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract\u0027s code is recovered. The new contract deployment restores the `bytecode hash -\u003e bytecode` entry in the internal state.",
"fixed_versions": [
"v0.7.1-rc2"
],
"identifier": "CVE-2022-35936",
"identifiers": [
"GHSA-f92v-grc2-w2fg",
"CVE-2022-35936"
],
"not_impacted": "All versions after 0.7.0",
"package_slug": "go/github.com/crypto-org-chain/cronos",
"pubdate": "2022-08-18",
"solution": "Upgrade to version 0.7.1-rc2 or above. *Note*: 0.7.1-rc2 may be an unstable version. Use caution.",
"title": "Exposure of Resource to Wrong Sphere",
"urls": [
"https://github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg",
"https://nvd.nist.gov/vuln/detail/CVE-2022-35936",
"https://github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451",
"https://github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203",
"https://github.com/advisories/GHSA-f92v-grc2-w2fg"
],
"uuid": "03c54dce-ffc5-4974-bdaa-49d057041bd6",
"versions": [
{
"commit": {
"sha": "799ac47e293403bd57580d2ff96bb8d9851c3cde",
"tags": [
"v0.7.0",
"v0.7.0-hotfix-temp"
],
"timestamp": "20220503084123"
},
"number": "v0.7.0"
},
{
"commit": {
"sha": "e30cc05f45934630b6ceae8315aac4c9c5eefc62",
"tags": [
"v0.7.1-rc2"
],
"timestamp": "20220725120515"
},
"number": "v0.7.1-rc2"
}
]
},
{
"affected_range": "\u003c=v0.17.2",
"affected_versions": "All versions up to 0.17.2",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-668",
"CWE-937"
],
"date": "2022-08-18",
"description": "Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts does not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract\u0027s code is recovered. The new contract deployment restores the `bytecode hash -\u003e bytecode` entry in the internal state.",
"fixed_versions": [
"v0.18.0"
],
"identifier": "CVE-2022-35936",
"identifiers": [
"GHSA-f92v-grc2-w2fg",
"CVE-2022-35936"
],
"not_impacted": "All versions after 0.17.2",
"package_slug": "go/github.com/evmos/ethermint",
"pubdate": "2022-08-18",
"solution": "Upgrade to version 0.18.0 or above.",
"title": "Exposure of Resource to Wrong Sphere",
"urls": [
"https://github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg",
"https://nvd.nist.gov/vuln/detail/CVE-2022-35936",
"https://github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451",
"https://github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203",
"https://github.com/advisories/GHSA-f92v-grc2-w2fg"
],
"uuid": "79f1eaa9-ebab-4817-940e-366c8c9c2b01",
"versions": [
{
"commit": {
"sha": "c9d42d667b753147977a725e98ed116c933c76cb",
"tags": [
"v0.17.2"
],
"timestamp": "20220726174133"
},
"number": "v0.17.2"
},
{
"commit": {
"sha": "144741832007a26dbe950512acbda4ed95b2a451",
"tags": [
"v0.18.0"
],
"timestamp": "20220804194701"
},
"number": "v0.18.0"
}
]
},
{
"affected_range": "\u003c=v6.0.3",
"affected_versions": "All versions up to 6.0.3",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-668",
"CWE-937"
],
"date": "2022-08-18",
"description": "Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts does not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract\u0027s code is recovered. The new contract deployment restores the `bytecode hash -\u003e bytecode` entry in the internal state.",
"fixed_versions": [
"v7.0.0"
],
"identifier": "CVE-2022-35936",
"identifiers": [
"GHSA-f92v-grc2-w2fg",
"CVE-2022-35936"
],
"not_impacted": "All versions after 6.0.3",
"package_slug": "go/github.com/evmos/evmos",
"pubdate": "2022-08-18",
"solution": "Upgrade to version 7.0.0 or above.",
"title": "Exposure of Resource to Wrong Sphere",
"urls": [
"https://github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg",
"https://nvd.nist.gov/vuln/detail/CVE-2022-35936",
"https://github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451",
"https://github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203",
"https://github.com/advisories/GHSA-f92v-grc2-w2fg"
],
"uuid": "ec055d43-5492-4bd5-81b7-096ecd4efa50",
"versions": [
{
"commit": {
"sha": "db44f68bfb4e81537d064345455b29208cd1a407",
"tags": [
"v6.0.3"
],
"timestamp": "20220726195456"
},
"number": "v6.0.3"
},
{
"commit": {
"sha": "a1c4b7af4cecd908d703a00bbb808c66ea61ab8a",
"tags": [
"v7.0.0"
],
"timestamp": "20220804195107"
},
"number": "v7.0.0"
}
]
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:evmos:ethermint:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0.18.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:kava:kava:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0.18.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:crypto:cronos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:evmos:evmos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-35936"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract\u0027s code is recovered. The new contract deployment restores the `bytecode hash -\u003e bytecode` entry in the internal state."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203"
},
{
"name": "https://github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451"
},
{
"name": "https://github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2022-08-13T00:59Z",
"publishedDate": "2022-08-05T13:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…