This article provides detailed information about CVE-2022-46173, a vulnerability in Elrond-GO affecting versions prior to 1.3.50.
Understanding CVE-2022-46173
Elrond-GO, an implementation of the Elrond Network protocol, had a processing issue that affected nodes when they processed cross-shard relayed transactions carrying smart contract deploy transaction data.
What is CVE-2022-46173?
Elrond-GO versions earlier than 1.3.50 are affected by an incorrect resource transfer between spheres. Nodes ran into problems when processing transactions that involved smart contract deploy data.
The Impact of CVE-2022-46173
The vulnerability caused a bad correlation between transaction caches and the processing component, resulting in nodes failing to notarize metachain blocks. The bug allowed for incorrect handling of leftover gas in smart contract results.
Technical Details of CVE-2022-46173
The CVSS v3.1 base score for this CVE is 7.2, with a high severity rating. The attack vector is network-based, with low attack complexity.
Vulnerability Description
The issue stemmed from a processing error in handling cross-shard relayed transactions with smart contract deploy data, impacting node operations.
Affected Systems and Versions
Elrond-GO versions prior to 1.3.50 are susceptible to this vulnerability.
Exploitation Mechanism
Attackers could exploit this vulnerability by sending transactions with more gas than required, leading to incorrect processing and erroneous additions to the cache.
Mitigation and Prevention
The issue is patched in version 1.3.50. Users are advised to update to the fixed version to prevent exploitation.
Immediate Steps to Take
Update Elrond-GO to version 1.3.50 or later to mitigate the risk associated with this vulnerability.
Long-Term Security Practices
Regularly updating software and monitoring security advisories can help protect against similar vulnerabilities in the future.
Patching and Updates
Stay informed about security patches and updates from ElrondNetwork to address potential vulnerabilities.