CVE-2022-31264
https://notcve.org/view.php?id=CVE-2022-31264
Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program. • https://github.com/Ainevsia/CVE-Request/tree/main/Solana/1 https://github.com/solana-labs/rbpf/releases/tag/v0.2.29 • CWE-190: Integer Overflow or Wraparound •
CVE-2022-23066 – Solana rBPF - Incorrect Calculation in sdiv instruction
https://notcve.org/view.php?id=CVE-2022-23066
Solana rBPF versions 0.2.26 and 0.2.27 are affected by an Incorrect Calculation caused by an improper implementation of the sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. For example, the result of an sdiv instruction may decide whether to transfer tokens or not. The vulnerability affects integrity and may cause serious availability problems. • https://blocksecteam.medium.com/how-a-critical-bug-in-solana-network-was-detected-and-timely-patched-a701870e1324 https://github.com/solana-labs/rbpf/commit/e61e045f8c244de978401d186dcfd50838817297 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23066 • CWE-682: Incorrect Calculation •
CVE-2021-46102
https://notcve.org/view.php?id=CVE-2021-46102
In Solana rBPF versions 0.2.14 to 0.2.16, the function "relocate" in the file src/elf.rs has an integer overflow bug because sym.st_value is read directly from the ELF file without checking. If sym.st_value is rather large, an integer overflow is triggered while calculating the variable "addr" via "addr = (sym.st_value + refd_pa) as u64". • https://blocksecteam.medium.com/new-integer-overflow-bug-discovered-in-solana-rbpf-7729717159ee https://github.com/solana-labs/rbpf/blob/c14764850f0b83b58aa013248eaf6d65836c1218/src/elf.rs#L609-L630 https://github.com/solana-labs/rbpf/pull/200 https://github.com/solana-labs/rbpf/pull/236 • CWE-190: Integer Overflow or Wraparound •