CVE-2022-37450 — Ethereum Go-ethereum vulnerability

5 documents5 sources

Severity

5.9MEDIUMNVD

VulnCheck7.5

EPSS

0.5%

top 32.42%

CISA KEV

Not in KEV

Exploit

Exploited in wild

Active exploitation observed

Affected products

Github.com Ethereum Go-ethereum Ethereum GO Ethereum

Timeline

PublishedAug 5

Latest updateAug 6

Description

Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDethereum/go_ethereum1.10.21

▶Gogithub.com/ethereum_go-ethereum1.10.21

🔴Vulnerability Details

OSV

Go Ethereum allows attackers to use manipulation of time-difference values to achieve replacement of main-chain blocks↗2022-08-06

▶

GHSA

Go Ethereum allows attackers to use manipulation of time-difference values to achieve replacement of main-chain blocks↗2022-08-06

▶

CVEList

CVE-2022-37450: Go Ethereum (aka geth) through 1↗2022-08-05

▶

VulnCheck

Go Ethereum (Geth) Time-Difference Value Manipulation Vulnerability↗2022

▶