PT-2021-23970 · Cronos · Cronos

Zb3 · Published 2021-12-21 · Updated 2022-01-06 · CVE-2021-43839

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Cronos versions prior to v0.6.5
Description: The issue allows an attacker to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom-crafted MsgEthereumTx. User funds and balances are safe.
Recommendations: For Cronos versions prior to v0.6.5, upgrade to Cronos v0.6.5 at the earliest possible convenience.

Fix

Weakness Enumeration

Related Identifiers

CVE-2021-43839
GHSA-F854-HPXV-CW9R

Affected Products

Cronos