PT-2022-15036 · Frontier · Frontier

Notlesh · Published 2022-01-14 · Updated 2022-01-21 · CVE-2022-21685

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Frontier versions prior to commit 8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664

Description

A bug in Frontier's MODEXP precompile implementation can cause an integer underflow under certain conditions. In debug builds, this causes a node crash. In release builds (and production WebAssembly binaries), the impact is limited, as it can only cause a normal EVM out-of-gas. Users who do not use the MODEXP precompile in their runtime are not impacted.

Recommendations

Apply the patch available in pull request #549 to resolve the issue. As a temporary workaround, consider avoiding the use of the MODEXP precompile in your runtime until the patch is applied.

Exploit

Fix

Integer Underflow

Weakness Enumeration

Related Identifiers

CVE-2022-21685
GHSA-CJG2-2FJG-FPH4

Affected Products

Frontier