| id: GO-2022-0760 |
| modules: |
| - module: github.com/crypto-org-chain/cronos |
| versions: |
| - fixed: 0.7.1-rc2 |
| vulnerable_at: 0.7.1-rc1 |
| - module: github.com/evmos/ethermint |
| versions: |
| - fixed: 0.18.0 |
| vulnerable_at: 0.17.2 |
| - module: github.com/evmos/evmos |
| vulnerable_at: 1.1.3 |
| - module: github.com/evmos/evmos/v2 |
| vulnerable_at: 2.0.2 |
| - module: github.com/evmos/evmos/v3 |
| vulnerable_at: 3.0.3 |
| - module: github.com/evmos/evmos/v4 |
| vulnerable_at: 4.0.2 |
| - module: github.com/evmos/evmos/v5 |
| vulnerable_at: 5.0.1 |
| - module: github.com/evmos/evmos/v6 |
| vulnerable_at: 6.0.4 |
| - module: github.com/evmos/evmos/v7 |
| versions: |
| - fixed: 7.0.0 |
| - module: github.com/kava-labs/kava |
| versions: |
| - fixed: 0.18.0 |
| vulnerable_at: 0.17.7 |
| summary: Ethermint vulnerable to DoS through unintended Contract Selfdestruct in github.com/crypto-org-chain/cronos |
| cves: |
| - CVE-2022-35936 |
| ghsas: |
| - GHSA-f92v-grc2-w2fg |
| references: |
| - advisory: https://github.com/evmos/ethermint/security/advisories/GHSA-f92v-grc2-w2fg |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-35936 |
| - fix: https://github.com/evmos/ethermint/commit/144741832007a26dbe950512acbda4ed95b2a451 |
| - web: https://github.com/evmos/ethermint/blob/c9d42d667b753147977a725e98ed116c933c76cb/x/evm/keeper/statedb.go#L199-L203 |
| notes: |
| - fix: 'github.com/evmos/evmos/v7: could not add vulnerable_at: could not find tagged version between introduced and fixed' |
| source: |
| id: GHSA-f92v-grc2-w2fg |
| created: 2024-08-20T14:13:11.806894-04:00 |
| review_status: UNREVIEWED |
| unexcluded: EFFECTIVELY_PRIVATE |
