CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31264
https://notcve.org/view.php?id=CVE-2022-31264
Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program. Solana solana_rbpf versiones anteriores a 0.2.29, presenta un desbordamiento de enteros por medio de encabezados de programa ELF no válidas. elf.rs presenta un pánico por medio de un programa eBPF malformado • https://github.com/Ainevsia/CVE-Request/tree/main/Solana/1 https://github.com/solana-labs/rbpf/releases/tag/v0.2.29 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 2CVE-2022-23066 – Solana rBPF - Incorrect Calculation in sdiv instruction
https://notcve.org/view.php?id=CVE-2022-23066
In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation which is caused by improper implementation of sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. For example, the result of a sdiv instruction may decide whether to transfer tokens or not. The vulnerability affects both integrity and may cause serious availability problems. En Solana rBPF versiones 0.2.26 y 0.2.27, están afectadas por un Cálculo Incorrecto que es causado por la implementación inapropiada de la instrucción sdiv. • https://blocksecteam.medium.com/how-a-critical-bug-in-solana-network-was-detected-and-timely-patched-a701870e1324 https://github.com/solana-labs/rbpf/commit/e61e045f8c244de978401d186dcfd50838817297 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23066 • CWE-682: Incorrect Calculation •