CVE-2021-25837

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-25837
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25837.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-25837
Published
2021-02-08T18:15:13.927Z
Modified
2026-03-14T10:51:36.649885Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cache data will be discarded at EndBlock, it is still valid in the current block, which enables many possible attacks such as an "arbitrary mint token".

References

Affected packages

Git / github.com/cosmos/ethermint

Affected ranges

Type
GIT
Repo
https://github.com/cosmos/ethermint
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
11e2f636787f453dac645b53e6b930d42bbb8711
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.4.0"
        }
    ]
}

Affected versions

v0.*
v0.0.0
v0.3.0
v0.4.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25837.json"