CVE-2022-36025

Incorrect Conversion between Numeric Types in Besu Ethereum Client

Severity Score

9.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL) results in incorrect gas being passed into called contracts and incorrect gas being returned after call execution. Where the amount of gas makes a difference in the success or failure, or if the gas is a negative 64 bit value, the execution will result in a different state root than expected, resulting in a consensus failure in networks with multiple EVM implementations. In networks with a single EVM implementation this can be used to execute with significantly more gas than then transaction requested, possibly exceeding gas limitations. This issue is patched in version 22.7.1. As a workaround, reverting to version 22.1.3 or earlier will prevent incorrect execution.

Besu es un cliente Ethereum basado en Java. En las versiones más recientes que 22.1.3 y anteriores a 22.7.1, Besu está sujeto a una Conversión Incorrecta entre Tipos Numéricos. Un error en los tipos con signo y sin signo de 32 bits en el cálculo del gas disponible en las operaciones CALL (incluyendo DELEGATECALL) provoca que sea pasado gas incorrecto a los contratos llamados y que sea devuelto gas incorrecto tras la ejecución de la llamada. Cuando la cantidad de gas marca una diferencia en el éxito o el fracaso, o si el gas es un valor negativo de 64 bits, la ejecución resultará a un root state diferente a lo esperado, resultando en un fallo de consenso en redes con múltiples implementaciones de EVM. En redes con una sola implementación de EVM, esto puede ser usado para ejecutar con un gas significativamente mayor que la transacción solicitada, posiblemente excediendo las limitaciones de gas. Este problema está parcheado en versión 22.7.1. Como mitigación, volver a versión 22.1.3 o anterior evitará una ejecución incorrecta.

*Credits: N/A

CVSS Scores

NISTv3.1 9.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-07-15 CVE Reserved
2022-09-24 CVE Published
2024-04-16 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-196: Unsigned to Signed Conversion Error
CWE-681: Incorrect Conversion between Numeric Types

CAPEC

References (1)

URL	Tag	Source
https://github.com/hyperledger/besu/security/advisories/GHSA-4456-w38r-m53x	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linuxfoundation Search vendor "Linuxfoundation"		Besu Search vendor "Linuxfoundation" for product "Besu"				>= 22.4.1 < 22.7.1 Search vendor "Linuxfoundation" for product "Besu" and version " >= 22.4.1 < 22.7.1"		-		Affected
Linuxfoundation Search vendor "Linuxfoundation"		Besu Search vendor "Linuxfoundation" for product "Besu"				22.4.0 Search vendor "Linuxfoundation" for product "Besu" and version "22.4.0"		-		Affected
Linuxfoundation Search vendor "Linuxfoundation"		Besu Search vendor "Linuxfoundation" for product "Besu"				22.4.0 Search vendor "Linuxfoundation" for product "Besu" and version "22.4.0"		rc2		Affected