Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-21685

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-14 Jan, 2022 | 17:05
Updated At-23 Apr, 2025 | 19:11
Rejected At-
Credits

Integer underflow in Frontier

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number `8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664`, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. Users who do not use MODEXP precompile in their runtime are not impacted. A patch is available in pull request #549.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:14 Jan, 2022 | 17:05
Updated At:23 Apr, 2025 | 19:11
Rejected At:
▼CVE Numbering Authority (CNA)
Integer underflow in Frontier

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number `8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664`, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. Users who do not use MODEXP precompile in their runtime are not impacted. A patch is available in pull request #549.

Affected Products
Vendor
paritytech
Product
frontier
Versions
Affected
  • < 8a93fdc
Problem Types
TypeCWE IDDescription
CWECWE-191CWE-191: Integer Underflow (Wrap or Wraparound)
Type: CWE
CWE ID: CWE-191
Description: CWE-191: Integer Underflow (Wrap or Wraparound)
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/paritytech/frontier/security/advisories/GHSA-cjg2-2fjg-fph4
x_refsource_CONFIRM
https://github.com/paritytech/frontier/pull/549
x_refsource_MISC
https://github.com/paritytech/frontier/commit/8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664
x_refsource_MISC
Hyperlink: https://github.com/paritytech/frontier/security/advisories/GHSA-cjg2-2fjg-fph4
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/paritytech/frontier/pull/549
Resource:
x_refsource_MISC
Hyperlink: https://github.com/paritytech/frontier/commit/8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/paritytech/frontier/security/advisories/GHSA-cjg2-2fjg-fph4
x_refsource_CONFIRM
x_transferred
https://github.com/paritytech/frontier/pull/549
x_refsource_MISC
x_transferred
https://github.com/paritytech/frontier/commit/8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/paritytech/frontier/security/advisories/GHSA-cjg2-2fjg-fph4
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/paritytech/frontier/pull/549
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/paritytech/frontier/commit/8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:14 Jan, 2022 | 17:15
Updated At:21 Jan, 2022 | 20:40

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number `8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664`, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. Users who do not use MODEXP precompile in their runtime are not impacted. A patch is available in pull request #549.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P
CPE Matches
parity
parity
>>frontier>>Versions up to 2022-01-13(inclusive)
cpe:2.3:a:parity:frontier:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-191Primarynvd@nist.gov
CWE-191Secondarysecurity-advisories@github.com
CWE ID: CWE-191
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-191
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/paritytech/frontier/commit/8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664security-advisories@github.com
Patch
Third Party Advisory
https://github.com/paritytech/frontier/pull/549security-advisories@github.com
Patch
Third Party Advisory
https://github.com/paritytech/frontier/security/advisories/GHSA-cjg2-2fjg-fph4security-advisories@github.com
Patch
Third Party Advisory
Hyperlink: https://github.com/paritytech/frontier/commit/8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664
Source: security-advisories@github.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/paritytech/frontier/pull/549
Source: security-advisories@github.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/paritytech/frontier/security/advisories/GHSA-cjg2-2fjg-fph4
Source: security-advisories@github.com
Resource:
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2022-36008
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.44% / 62.17%
||
7 Day CHG-0.21%
Published-19 Aug, 2022 | 20:25
Updated-23 Apr, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Message length overflow in frontier

Frontier is Substrate's Ethereum compatibility layer. A security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause an overflow panic. No action is needed unless you have a bridge node that needs to distinguish different reversion exit reasons and you used RPC for this. There are currently no known workarounds.

Action-Not Available
Vendor-parityparitytech
Product-frontierfrontier
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-30011
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.08% / 86.24%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:57
Updated-27 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Denial of Service Vulnerability

Windows Hyper-V Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2022windows_server_2019windows_server_2012Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2Windows Server 2022Windows Server 2016Windows Server 2012
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2021-41821
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 63.42%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 22:59
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager.

Action-Not Available
Vendor-n/aWazuh, Inc.
Product-wazuhn/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2021-25121
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 63.47%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 10:25
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rating by BestWebSoft < 1.6 - Rating Denial of Service

The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such rating

Action-Not Available
Vendor-UnknownBestWebSoft
Product-ratingRating by BestWebSoft
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2021-24894
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.06%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 19:16
Updated-03 Aug, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reviews Plus < 1.2.14 - Subscriber+ Reviews DoS

The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated user submit such rating and the reviews are set to be displayed on the post/page

Action-Not Available
Vendor-implecodeUnknown
Product-reviews_plusReviews Plus
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CWE ID-CWE-20
Improper Input Validation
CVE-2022-3165
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.02%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-14 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.

Action-Not Available
Vendor-n/aFedora ProjectQEMU
Product-qemufedoraQEMU
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
Details not found