CVE-2022-36058

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-36058
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36058.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-36058
Aliases
Published
2022-09-06T20:10:09Z
Modified
2026-04-10T04:50:26.704893Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
elrond-go MultiESDTNFTTransfer call on a SC address with missing function name
Details

Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.34, anyone who uses elrond-go to process blocks (historical or actual) could encounter a MultiESDTNFTTransfer transaction like this: MultiESDTNFTTransfer with a missing function name. Basic functionality like p2p messaging, storage, API requests and such are unaffected. Version 1.3.34 contains a fix for this issue. There are no known workarounds.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/36xxx/CVE-2022-36058.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-20"
    ]
}
References

Affected packages

Git / github.com/elrondnetwork/elrond-go

Affected ranges

Type
GIT
Repo
https://github.com/elrondnetwork/elrond-go
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
cb487fd7be2a2077638eb34ae771a73630c870c7

Affected versions

V1.*
V1.0.6
V1.0.7
Other
test-01
v.*
v.0.5
v1.*
v1.0.1
v1.0.127
v1.0.128
v1.0.129
v1.0.13
v1.0.130
v1.0.131
v1.0.132
v1.0.133
v1.0.135
v1.0.136
v1.0.137
v1.0.138
v1.0.139
v1.0.14
v1.0.148
v1.0.150
v1.0.2
v1.0.25
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.1.0
v1.1.1
v1.1.10
v1.1.11
v1.1.12
v1.1.13
v1.1.14
v1.1.15
v1.1.16
v1.1.17
v1.1.18
v1.1.19
v1.1.2
v1.1.20
v1.1.21
v1.1.22
v1.1.23
v1.1.24
v1.1.25
v1.1.26
v1.1.27
v1.1.28
v1.1.29
v1.1.3
v1.1.30
v1.1.31
v1.1.32
v1.1.33
v1.1.34
v1.1.35
v1.1.36
v1.1.37
v1.1.38
v1.1.4
v1.1.40
v1.1.41
v1.1.43
v1.1.47
v1.1.48
v1.1.49
v1.1.50
v1.1.51
v1.1.52
v1.1.53
v1.1.54
v1.1.55
v1.1.56
v1.1.57
v1.1.58
v1.1.59
v1.1.6
v1.1.60
v1.1.61
v1.1.62
v1.1.63
v1.1.64
v1.1.7
v1.1.8
v1.1.9
v1.2.10
v1.2.11
v1.2.12
v1.2.13
v1.2.14
v1.2.16
v1.2.17
v1.2.18
v1.2.19
v1.2.20
v1.2.22
v1.2.24
v1.2.25
v1.2.26
v1.2.27
v1.2.28
v1.2.29
v1.2.30
v1.2.31
v1.2.33
v1.2.34
v1.2.5
v1.3.10
v1.3.11
v1.3.12
v1.3.13
v1.3.14
v1.3.15
v1.3.16
v1.3.17
v1.3.17-rc1
v1.3.19-rc1
v1.3.19-rc2
v1.3.23-rc1
v1.3.3
v1.3.32
v1.3.33
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36058.json"

Git / github.com/multiversx/mx-chain-go

Affected ranges

Type
GIT
Repo
https://github.com/multiversx/mx-chain-go
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
cb487fd7be2a2077638eb34ae771a73630c870c7

Affected versions

V1.*
V1.0.6
V1.0.7
Other
test-01
v.*
v.0.5
v1.*
v1.0.1
v1.0.127
v1.0.128
v1.0.129
v1.0.13
v1.0.130
v1.0.131
v1.0.132
v1.0.133
v1.0.135
v1.0.136
v1.0.137
v1.0.138
v1.0.139
v1.0.14
v1.0.148
v1.0.150
v1.0.2
v1.0.25
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.1.0
v1.1.1
v1.1.10
v1.1.11
v1.1.12
v1.1.13
v1.1.14
v1.1.15
v1.1.16
v1.1.17
v1.1.18
v1.1.19
v1.1.2
v1.1.20
v1.1.21
v1.1.22
v1.1.23
v1.1.24
v1.1.25
v1.1.26
v1.1.27
v1.1.28
v1.1.29
v1.1.3
v1.1.30
v1.1.31
v1.1.32
v1.1.33
v1.1.34
v1.1.35
v1.1.36
v1.1.37
v1.1.38
v1.1.4
v1.1.40
v1.1.41
v1.1.43
v1.1.47
v1.1.48
v1.1.49
v1.1.50
v1.1.51
v1.1.52
v1.1.53
v1.1.54
v1.1.55
v1.1.56
v1.1.57
v1.1.58
v1.1.59
v1.1.6
v1.1.60
v1.1.61
v1.1.62
v1.1.63
v1.1.64
v1.1.7
v1.1.8
v1.1.9
v1.2.10
v1.2.11
v1.2.12
v1.2.13
v1.2.14
v1.2.16
v1.2.17
v1.2.18
v1.2.19
v1.2.20
v1.2.22
v1.2.24
v1.2.25
v1.2.26
v1.2.27
v1.2.28
v1.2.29
v1.2.30
v1.2.31
v1.2.33
v1.2.34
v1.2.5
v1.3.10
v1.3.11
v1.3.12
v1.3.13
v1.3.14
v1.3.15
v1.3.16
v1.3.17
v1.3.17-rc1
v1.3.19-rc1
v1.3.19-rc2
v1.3.23-rc1
v1.3.3
v1.3.32
v1.3.33
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36058.json"