Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/37xxx/CVE-2022-37450.json",
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "2020"
},
{
"fixed": "2022"
}
],
"source": "DESCRIPTION"
}
],
"cna_assigner": "mitre"
}{
"cpe": "cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*:*",
"source": [
"DESCRIPTION",
"CPE_RANGE"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.10.21"
},
{
"last_affected": "1.10.21"
}
]
}