Vulnerability Data

CVE-2022-21685

Track security vulnerabilities

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number `8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664`, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. Users who do not use MODEXP precompile in their runtime are not impacted. A patch is available in pull request #549.

Published at
2022-01-14
2 days ago
Modified
2022-01-14
2 days ago
2022
Year
The year of the turtle

https://github.com/paritytech/frontier/security/advisories/GHSA-cjg2-2fjg-fph4

CONFIRM:https://github.com/paritytech/frontier/security/advisories/GHSA-cjg2-2fjg-fph4

Read More about itMore info

https://github.com/paritytech/frontier/commit/8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664

MISC:https://github.com/paritytech/frontier/commit/8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664

Read More about itMore info

https://github.com/paritytech/frontier/pull/549

MISC:https://github.com/paritytech/frontier/pull/549

Read More about itMore info

Vulnerability RAW

{
	"Title": {
		"_text": "CVE-2022-21685"
	},
	"Notes": {
		"Note": [
			{
				"_text": "Frontier is Substrate's Ethereum compatibility layer. Prior to commit number `8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664`, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. Users who do not use MODEXP precompile in their runtime are not impacted. A patch is available in pull request #549."
			},
			{
				"_text": "2022-01-14"
			},
			{
				"_text": "2022-01-14"
			}
		]
	},
	"CVE": {
		"_text": "CVE-2022-21685"
	},
	"References": {
		"Reference": [
			{
				"URL": {
					"_text": "https://github.com/paritytech/frontier/security/advisories/GHSA-cjg2-2fjg-fph4"
				},
				"Description": {
					"_text": "CONFIRM:https://github.com/paritytech/frontier/security/advisories/GHSA-cjg2-2fjg-fph4"
				}
			},
			{
				"URL": {
					"_text": "https://github.com/paritytech/frontier/commit/8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664"
				},
				"Description": {
					"_text": "MISC:https://github.com/paritytech/frontier/commit/8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664"
				}
			},
			{
				"URL": {
					"_text": "https://github.com/paritytech/frontier/pull/549"
				},
				"Description": {
					"_text": "MISC:https://github.com/paritytech/frontier/pull/549"
				}
			}
		]
	}
}