CVE-2022-37450
Severity Score
5.9
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022.
Go Ethereum (también se conoce como geth) versiones hasta 1.10.21, permite a atacantes aumentar las recompensas mediante la minería de bloques en determinadas situaciones, y el uso de una manipulación de los valores de diferencia de tiempo para lograr el reemplazo de los bloques de la cadena principal, también se conoce como Riskless Uncle Making (RUM), como es explotado "in the wild" en 2020 hasta 2022
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-08-05 CVE Reserved
- 2022-08-05 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-10-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://dx.doi.org/10.13140/RG.2.2.27813.99043 | Broken Link | |
| https://medium.com/%40aviv.yaish/uncle-maker-time-stamping-out-the-competition-in-ethereum-d27c1cb62fef | X_refsource_misc | |
| https://news.ycombinator.com/item?id=32354896 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/ethereum/go-ethereum/blob/671094279e8d27f4b4c3c94bf8b636c26b473976/core/forkchoice.go#L91-L94 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ethereum Search vendor "Ethereum" | Go Ethereum Search vendor "Ethereum" for product "Go Ethereum" | <= 1.10.21 Search vendor "Ethereum" for product "Go Ethereum" and version " <= 1.10.21" | - |
Affected
| ||||||