HIGH🇵🇱 Wersja polska

CVE-2022-24738

CVSS 8.1v3.1pub. 2022-03-07upd. 2024-11-21

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connects it to the target evmos instance. The attacker can use this joined chain to transfer unclaimed funds. Users are advised to upgrade. There are no known workarounds for this issue.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • Evmos

    APP
    Evmos
    < 2.0.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-32644CRITICAL9.1PL ✓ten sam produkt

Evmos: możliwość bicia dowolnych tokenów przez niespójność stanów EVM/Cosmos

CVE-2024-39696HIGH8.8ten sam produkt

Evmos is a decentralized Ethereum Virtual Machine chain on the Cosmos Network. Prior to version 19.0.0, a user...

CVE-2024-37153HIGH7.5ten sam produkt

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. There is an issue with how to liquid st...

CVE-2022-35936HIGH8.2ten sam produkt

Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` ...

CVE-2024-37154MEDIUM5.3ten sam produkt

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Users are able to delegate tokens that ...