CVE-2022-21685

Published: Jan 14, 2022

Modified: Apr 23, 2025

PUBLISHED

CVSS v3.1

6.5

MEDIUM

Description

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number `8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664`, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. Users who do not use MODEXP precompile in their runtime are not impacted. A patch is available in pull request #549.

Vendor	Product	Versions
paritytech	frontier	affected `< 8a93fdc`

Weaknesses (CWE)

CWE-191

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://github.com/paritytech/frontier/security/advisories/GHSA-cjg2-2fjg-fph4

x_refsource_CONFIRM

https://github.com/paritytech/frontier/pull/549

x_refsource_MISC

https://github.com/paritytech/frontier/commit/8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-21685

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References