CVE-2022-40769

Source
https://cve.org/CVERecord?id=CVE-2022-40769
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40769.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-40769
Published
2022-09-18T17:15:09.667Z
Modified
2026-03-14T11:54:29.037375Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.

References

Affected packages

Git / github.com/johguse/profanity

Affected ranges

Type
GIT
Repo
https://github.com/johguse/profanity
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.60"
        }
    ]
}

Affected versions

1.*
1.60
v1.*
v1.0
v1.1
v1.11
v1.12
v1.2
v1.21
v1.22
v1.3
v1.31
v1.4
v1.50

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40769.json"