CVE-2022-24738

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-24738

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24738.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-24738

Aliases

Published

2022-03-07T22:15:08Z

Modified

2024-09-02T21:36:40Z

Severity

7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connects it to the target evmos instance. The attacker can use this joined chain to transfer unclaimed funds. Users are advised to upgrade. There are no known workarounds for this issue.

References

Affected packages

Git / github.com/evmos/evmos

Affected ranges

Type: GIT
Repo: https://github.com/evmos/evmos
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

28870258d4ee9f1b8aeef5eba891681f89348f71